better-auth 1.0.2 → 1.0.3

package/dist/index.js

@@ -1,6 +1,6 @@
-import{APIError as M,createRouter as Hr,getCookie as Gr,getSignedCookie as Kr,setCookie as Wr,setSignedCookie as Zr}from"better-call";import{APIError as Qt}from"better-call";import{createEndpointCreator as Wt,createMiddleware as Oe,createMiddlewareCreator as Zt}from"better-call";var Pe=Oe(async()=>({})),Z=Zt({use:[Pe,Oe(async()=>({}))]}),k=Wt({use:[Pe]});var Se=Z(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:n}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",s=t?.callbackURL||r?.callbackURL,a=t?.redirectTo,u=r?.currentURL,o=n.trustedOrigins,d=e.headers?.has("cookie"),c=(p,m)=>m.includes("*")?new RegExp("^"+m.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(p):p.startsWith(m),l=(p,m)=>{if(!p)return;if(!o.some(g=>c(p,g)||p?.startsWith("/")&&m!=="origin"&&!p.includes(":")))throw e.context.logger.error(`Invalid ${m}: ${p}`),e.context.logger.info(`If it's a valid URL, please add ${p} to trustedOrigins in your auth config
-`,`Current list of trustedOrigins: ${o}`),new Qt("FORBIDDEN",{message:`Invalid ${m}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&l(i,"origin"),s&&l(s,"callbackURL"),a&&l(a,"redirectURL"),u&&l(u,"currentURL")});import{APIError as I}from"better-call";import{z as R}from"zod";import{TimeSpan as er}from"oslo";import{base64url as tr}from"oslo/encoding";import{HMAC as Le,sha256 as mn}from"oslo/crypto";function ge(e,t){let r=new Uint8Array(e),n=new Uint8Array(t);if(r.length!==n.length)return!1;let i=0;for(let s=0;s<r.length;s++)i|=r[s]^n[s];return i===0}async function Jt({value:e,secret:t}){return new Le("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function Yt({value:e,signature:t,secret:r}){return new Le("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var ne={sign:Jt,verify:Yt};var L=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},_e=class extends L{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};var D=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var oe=Object.create(null),Q=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?oe:globalThis),P=new Proxy(oe,{get(e,t){return Q()[t]??oe[t]},has(e,t){let r=Q();return t in r||t in oe},set(e,t,r){let n=Q(!0);return n[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=Q(!0);return delete r[t],!0},ownKeys(){let e=Q(!0);return Object.keys(e)}});function Xt(e){return e?e!=="false":!1}var ie=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",J=ie==="production",Ce=ie==="dev"||ie==="development",De=ie==="test"||Xt(P.TEST);function An(e){let t=new Map;return e.split(", ").forEach(n=>{let i=n.split(";").map(l=>l.trim()),[s,...a]=i,[u,...o]=s.split("="),d=o.join("=");if(!u||d===void 0){console.warn(`Malformed cookie: ${n}`);return}let c={value:d};a.forEach(l=>{let[p,...m]=l.split("="),f=m.join("="),g=p.trim().toLowerCase();switch(g){case"max-age":c["max-age"]=f?parseInt(f.trim(),10):void 0;break;case"expires":c.expires=f?new Date(f.trim()):void 0;break;case"domain":c.domain=f?f.trim():void 0;break;case"path":c.path=f?f.trim():void 0;break;case"secure":c.secure=!0;break;case"httponly":c.httponly=!0;break;case"samesite":c.samesite=f?f.trim().toLowerCase():void 0;break;default:c[g]=f?f.trim():!0;break}}),t.set(u,c)}),t}function he(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):J)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,i=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!i)throw new L("baseURL is required when crossSubdomainCookies are enabled");function s(a,u={}){let o=e.advanced?.cookiePrefix||"better-auth",d=e.advanced?.cookies?.[a]?.name||`${o}.${a}`,c=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${d}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:i}:{},...e.advanced?.defaultCookieAttributes,...u,...c}}}return s}function Be(e){let t=he(e),r=e.session?.expiresIn||new er(7,"d").seconds(),n=t("session_token",{maxAge:r}),i=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),s=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:i.name,options:i.attributes},dontRememberToken:{name:s.name,options:s.attributes}}}async function O(e,t,r,n){let i=e.context.authCookies.sessionToken.options,s=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.token,e.context.secret,{...i,maxAge:s,...n}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(tr.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:D(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await ne.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.token,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function N(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function In(e){let t=e.split("; "),r=new Map;return t.forEach(n=>{let[i,s]=n.split("=");r.set(i,s)}),r}import{betterFetch as dr}from"@better-fetch/fetch";import{APIError as cr}from"better-call";import{decodeProtectedHeader as ur,importJWK as lr,jwtVerify as pr}from"jose";import{parseJWT as fr}from"oslo/jwt";import{sha256 as rr}from"oslo/crypto";import{base64url as nr}from"oslo/encoding";async function qe(e){let t=await rr(new TextEncoder().encode(e));return nr.encode(new Uint8Array(t),{includePadding:!1})}function Ne(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?D(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function v({id:e,options:t,authorizationEndpoint:r,state:n,codeVerifier:i,scopes:s,claims:a,redirectURI:u}){let o=new URL(r);if(o.searchParams.set("response_type","code"),o.searchParams.set("client_id",t.clientId),o.searchParams.set("state",n),o.searchParams.set("scope",s.join(" ")),o.searchParams.set("redirect_uri",t.redirectURI||u),i){let d=await qe(i);o.searchParams.set("code_challenge_method","S256"),o.searchParams.set("code_challenge",d)}if(a){let d=a.reduce((c,l)=>(c[l]=null,c),{});o.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...d}}))}return o}import{betterFetch as or}from"@better-fetch/fetch";async function x({code:e,codeVerifier:t,redirectURI:r,options:n,tokenEndpoint:i,authentication:s}){let a=new URLSearchParams,u={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(a.set("grant_type","authorization_code"),a.set("code",e),t&&a.set("code_verifier",t),a.set("redirect_uri",r),s==="basic"){let l=btoa(`${n.clientId}:${n.clientSecret}`);u.authorization=`Basic ${l}`}else a.set("client_id",n.clientId),a.set("client_secret",n.clientSecret);let{data:o,error:d}=await or(i,{method:"POST",body:a,headers:u});if(d)throw d;return Ne(o)}import{generateCodeVerifier as sr,generateState as ar}from"oslo/oauth2";import{z}from"zod";import{APIError as Fe}from"better-call";function ir(e){try{return new URL(e).pathname!=="/"}catch{throw new L(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ye(e,t="/api/auth"){return ir(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function Y(e,t){if(e)return ye(e,t);let r=P.BETTER_AUTH_URL||P.NEXT_PUBLIC_BETTER_AUTH_URL||P.PUBLIC_BETTER_AUTH_URL||P.NUXT_PUBLIC_BETTER_AUTH_URL||P.NUXT_PUBLIC_AUTH_URL||(P.BASE_URL!=="/"?P.BASE_URL:void 0);if(r)return ye(r,t);if(typeof window<"u"&&window.location)return ye(window.location.origin,t)}function je(e){try{return new URL(e).origin}catch{return null}}async function se(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?je(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Fe("BAD_REQUEST",{message:"callbackURL is required"});let n=sr(),i=ar(),s=JSON.stringify({callbackURL:r,codeVerifier:n,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let u=await e.context.internalAdapter.createVerificationValue({value:s,identifier:i,expiresAt:a});if(!u)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Fe("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:u.identifier,codeVerifier:n}}async function Ve(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let n=z.object({callbackURL:z.string(),codeVerifier:z.string(),errorURL:z.string().optional(),expiresAt:z.number(),link:z.object({email:z.string(),userId:z.string()}).optional()}).parse(JSON.parse(r.value));if(n.errorURL||(n.errorURL=`${e.context.baseURL}/error`),n.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),n}var $e=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:n,redirectURI:i}){let s=n||["email","name"];return e.scope&&s.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${s.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:i})=>x({code:r,codeVerifier:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async verifyIdToken(r,n){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,n);let i=ur(r),{kid:s,alg:a}=i;if(!s||!a)return!1;let u=await mr(s),{payload:o}=await pr(r,u,{algorithms:[a],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(d=>{o[d]!==void 0&&(o[d]=!!o[d])}),n&&o.nonce!==n?!1:!!o},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let n=fr(r.idToken)?.payload;if(!n)return null;let i=n.user?`${n.user.name.firstName} ${n.user.name.lastName}`:n.email;return{user:{id:n.sub,name:i,emailVerified:!1,email:n.email},data:n}}}},mr=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:n}=await dr(`${t}${r}`);if(!n?.keys)throw new cr("BAD_REQUEST",{message:"Keys not found"});let i=n.keys.find(s=>s.kid===e);if(!i)throw new Error(`JWK with kid ${e} not found`);return await lr(i,i.alg)};import{betterFetch as gr}from"@better-fetch/fetch";var ze=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||n)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await gr("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(n)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as hr}from"@better-fetch/fetch";var Me=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await v({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:n})},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await hr("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return n?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as He}from"@better-fetch/fetch";var Ge=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:n,codeVerifier:i,redirectURI:s}){let a=n||["user:email"];return e.scope&&a.push(...e.scope),v({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:s})},validateAuthorizationCode:async({code:r,redirectURI:n})=>x({code:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:i}=await He("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let s=!1;if(!n.email){let{data:a,error:u}=await He("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});u||(n.email=(a.find(o=>o.primary)??a[0])?.email,s=a.find(o=>o.email===n.email)?.verified??!1)}return{user:{id:n.id.toString(),name:n.name||n.login,email:n.email,image:n.avatar_url,emailVerified:s},data:n}}}};import{parseJWT as Ar}from"oslo/jwt";import{createConsola as yr}from"consola";var we=["info","success","warn","error","debug"];function wr(e,t){return we.indexOf(t)<=we.indexOf(e)}var br=yr({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ae=e=>{let t=e?.disabled!==!0,r=e?.level??"error",n=(i,s,a=[])=>{if(!(!t||!wr(r,i))){if(!e||typeof e.log!="function"){br[i]("",s,...a);return}e.log(i==="success"?"info":i,s,a)}};return Object.fromEntries(we.map(i=>[i,(...[s,...a])=>n(i,s,a)]))},E=ae();import{betterFetch as kr}from"@better-fetch/fetch";var Ke=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw E.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new L("CLIENT_ID_AND_SECRET_REQUIRED");if(!n)throw new L("codeVerifier is required for Google");let s=r||["email","profile","openid"];e.scope&&s.push(...e.scope);let a=await v({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:s,state:t,codeVerifier:n,redirectURI:i});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let n=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:i}=await kr(n);return i?i.aud===e.clientId&&i.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=Ar(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as xr}from"@better-fetch/fetch";import{parseJWT as vr}from"oslo/jwt";var We=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,n=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let s=i.scopes||["openid","profile","email","User.Read"];return e.scope&&s.push(...e.scope),v({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:s,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:s,redirectURI:a}){return x({code:i,codeVerifier:s,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:n})},async getUserInfo(i){if(e.getUserInfo)return e.getUserInfo(i);if(!i.idToken)return null;let s=vr(i.idToken)?.payload,a=e.profilePhotoSize||48;return await xr(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(u){if(!(e.disableProfilePhoto||!u.response.ok))try{let d=await u.response.clone().arrayBuffer(),c=Buffer.from(d).toString("base64");s.picture=`data:image/jpeg;base64, ${c}`}catch(o){E.error(o&&typeof o=="object"&&"name"in o?o.name:"",o)}}}),{user:{id:s.sub,name:s.name,email:s.email,image:s.picture,emailVerified:!0},data:s}}}};import{betterFetch as Rr}from"@better-fetch/fetch";var Ze=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:i}){let s=r||["user-read-email"];return e.scope&&s.push(...e.scope),v({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:s,state:t,codeVerifier:n,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Rr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});function Lo(e){return e.charAt(0).toUpperCase()+e.slice(1)}var H={isAction:!1};import{nanoid as Ur}from"nanoid";var q=e=>Ur(e);import{parseJWT as Tr}from"oslo/jwt";var Qe=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),v({id:"twitch",redirectURI:n,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return E.error("No idToken found in token"),null;let n=Tr(r)?.payload;return{user:{id:n.sub,name:n.preferred_username,email:n.email,image:n.picture,emailVerified:!1},data:n}}});import{betterFetch as Er}from"@better-fetch/fetch";var Je=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),v({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Er("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});import{betterFetch as Ir}from"@better-fetch/fetch";var Ye=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:n,codeVerifier:i,redirectURI:s})=>{let a=n||["account_info.read"];return e.scope&&a.push(...e.scope),await v({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:s,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:i})=>await x({code:r,codeVerifier:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:i}=await Ir("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:n.account_id,name:n.name?.display_name,email:n.email,emailVerified:n.email_verified||!1,image:n.profile_photo_url},data:n}}}};import{betterFetch as Or}from"@better-fetch/fetch";var Xe=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:n,scopes:i,redirectURI:s})=>{let a=i||["profile","email","openid"];return e.scope&&a.push(...e.scope),await v({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:n,redirectURI:s})},validateAuthorizationCode:async({code:n,redirectURI:i})=>await x({code:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(n){let{data:i,error:s}=await Or("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken}`}});return s?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};import{betterFetch as Pr}from"@better-fetch/fetch";var be=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Sr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:be(`${t}/oauth/authorize`),tokenEndpoint:be(`${t}/oauth/token`),userinfoEndpoint:be(`${t}/api/v4/user`)}},et=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:n}=Sr(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:u,codeVerifier:o,redirectURI:d})=>{let c=u||["read_user"];return e.scope&&c.push(...e.scope),await v({id:i,options:e,authorizationEndpoint:t,scopes:c,state:a,redirectURI:d,codeVerifier:o})},validateAuthorizationCode:async({code:a,redirectURI:u,codeVerifier:o})=>x({code:a,redirectURI:e.redirectURI||u,options:e,codeVerifier:o,tokenEndpoint:r}),async getUserInfo(a){if(e.getUserInfo)return e.getUserInfo(a);let{data:u,error:o}=await Pr(n,{headers:{authorization:`Bearer ${a.accessToken}`}});return o||u.state!=="active"||u.locked?null:{user:{id:u.id.toString(),name:u.name??u.username,email:u.email,image:u.avatar_url,emailVerified:!0},data:u}}}};var Ae={apple:$e,discord:ze,facebook:Me,github:Ge,microsoft:We,google:Ke,spotify:Ze,twitch:Qe,twitter:Je,dropbox:Ye,linkedin:Xe,gitlab:et},de=Object.keys(Ae);import{TimeSpan as Lr}from"oslo";import{createJWT as _r,validateJWT as Cr}from"oslo/jwt";import{z as B}from"zod";import{APIError as ce}from"better-call";import{APIError as j}from"better-call";import{z as X}from"zod";function G(e){try{return JSON.parse(e)}catch{return null}}var ke=()=>k("/get-session",{method:"GET",query:X.optional(X.object({disableCookieCache:X.boolean({description:"Disable cookie cache and fetch session from database"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),n=r?G(Buffer.from(r,"base64").toString()):null;if(n&&!await ne.verify({value:JSON.stringify(n.session),signature:n?.signature,secret:e.context.secret}))return N(e),e.json(null);let i=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(n?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let c=n.session;if(n.expiresAt<Date.now()||c.session.expiresAt<new Date){let p=e.context.authCookies.sessionData.name;e.setCookie(p,"",{maxAge:0})}else return e.json(c)}let s=await e.context.internalAdapter.findSession(t);if(!s||s.session.expiresAt<new Date)return N(e),s&&await e.context.internalAdapter.deleteSession(s.session.token),e.json(null);if(i)return e.json(s);let a=e.context.sessionConfig.expiresIn,u=e.context.sessionConfig.updateAge;if(s.session.expiresAt.valueOf()-a*1e3+u*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(s.session.token,{expiresAt:D(e.context.sessionConfig.expiresIn,"sec")});if(!c)return N(e),e.json(null,{status:401});let l=(c.expiresAt.valueOf()-Date.now())/1e3;return await O(e,{session:c,user:s.user},!1,{maxAge:l}),e.json({session:c,user:s.user})}return e.json(s)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new j("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),ee=async e=>{if(e.context.session)return e.context.session;let t=await ke()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},_=Z(async e=>{let t=await ee(e);if(!t?.session)throw new j("UNAUTHORIZED");return{session:t}}),tt=Z(async e=>{let t=await ee(e);if(!t?.session)throw new j("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,n=t.session.createdAt.valueOf(),i=Date.now();if(!(n+r*1e3>i))throw new j("FORBIDDEN",{message:"Session is not fresh"});return{session:t}}),rt=()=>k("/list-sessions",{method:"GET",use:[_],requireHeaders:!0,metadata:{openapi:{description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}}}}}}}}}},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(n=>n.expiresAt>new Date);return e.json(r)}),nt=k("/revoke-session",{method:"POST",body:X.object({token:X.string({description:"The token to revoke"})}),use:[_],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new j("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new j("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(n){throw e.context.logger.error(n&&typeof n=="object"&&"name"in n?n.name:"",n),new j("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),ot=k("/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new j("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),it=k("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[_],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new j("UNAUTHORIZED");let i=(await e.context.internalAdapter.listSessions(t.user.id)).filter(s=>s.expiresAt>new Date).filter(s=>s.token!==e.context.session.session.token);return await Promise.all(i.map(s=>e.context.internalAdapter.deleteSession(s.token))),e.json({status:!0})});async function F(e,t,r){return await _r("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Lr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var st=k("/send-verification-email",{method:"POST",query:B.object({currentURL:B.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:B.object({email:B.string({description:"The email to send the verification email to"}).email(),callbackURL:B.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new ce("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new ce("BAD_REQUEST",{message:"User not found"});let n=await F(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${n}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail({user:r.user,url:i,token:n},e.request),e.json({status:!0})}),at=k("/verify-email",{method:"GET",query:B.object({token:B.string({description:"The token to verify the email"}),callbackURL:B.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(u){throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=${u}`):new ce("UNAUTHORIZED",{message:u})}let{token:r}=e.query,n;try{n=await Cr("HS256",Buffer.from(e.context.secret),r)}catch(u){return e.context.logger.error("Failed to verify email",u),t("invalid_token")}let s=B.object({email:B.string().email(),updateTo:B.string().optional()}).parse(n.payload),a=await e.context.internalAdapter.findUserByEmail(s.email);if(!a)return t("user_not_found");if(s.updateTo){let u=await ee(e);if(!u){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(u.user.email!==s.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let o=await e.context.internalAdapter.updateUserByEmail(s.email,{email:s.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:o,url:`${e.context.baseURL}/verify-email?token=${r}`,token:r},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:o,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(s.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await ee(e)){let o=await e.context.internalAdapter.createSession(a.user.id,e.request);if(!o)throw new ce("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await O(e,{session:o,user:a.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function ue(e,{userInfo:t,account:r,callbackURL:n}){let i=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(u=>{throw E.error(`Better auth was unable to query your database.
-Error: `,u),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),s=i?.user;if(i){let u=i.accounts.find(o=>o.providerId===r.providerId);if(u)await e.context.internalAdapter.updateAccount(u.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return Ce&&E.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:i.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(c){return E.error("Unable to link account",c),{error:"unable to link account",data:null}}}}else try{let u=t.emailVerified||!1;if(s=await e.context.internalAdapter.createOAuthUser({...t,id:void 0,emailVerified:u,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(o=>o?.user),!u&&s&&e.context.options.emailVerification?.sendOnSignUp){let o=await F(e.context.secret,s.email),d=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${n}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:s,url:d,token:o},e.request)}}catch(u){return E.error("Unable to create user",u),{error:"unable to create user",data:null}}if(!s)return{error:"unable to create user",data:null};let a=await e.context.internalAdapter.createSession(s.id,e.request);return a?{data:{session:a,user:s},error:null}:{error:"unable to create session",data:null}}var dt=k("/sign-in/social",{method:"POST",query:R.object({currentURL:R.string().optional()}).optional(),body:R.object({callbackURL:R.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),errorCallbackURL:R.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:R.enum(de,{description:"OAuth2 provider to use"}),disableRedirect:R.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:R.optional(R.object({token:R.string({description:"ID token from the provider"}),nonce:R.string({description:"Nonce used to generate the token"}).optional(),accessToken:R.string({description:"Access token from the provider"}).optional(),refreshToken:R.string({description:"Refresh token from the provider"}).optional(),expiresAt:R.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(s=>s.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new I("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new I("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:s,nonce:a}=e.body.idToken;if(!await t.verifyIdToken(s,a))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new I("UNAUTHORIZED",{message:"Invalid id token"});let o=await t.getUserInfo({idToken:s,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!o||!o?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new I("UNAUTHORIZED",{message:"Failed to get user info"});if(!o.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new I("UNAUTHORIZED",{message:"User email not found"});let d=await ue(e,{userInfo:{email:o.user.email,id:o.user.id,name:o.user.name||"",image:o.user.image,emailVerified:o.user.emailVerified||!1},account:{providerId:t.id,accountId:o.user.id,accessToken:e.body.idToken.accessToken}});if(d.error)throw new I("UNAUTHORIZED",{message:d.error});return await O(e,d.data),e.json({session:d.data.session,user:d.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:n}=await se(e),i=await t.createAuthorizationURL({state:n,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!e.body.disableRedirect})}),ct=k("/sign-in/email",{method:"POST",body:R.object({email:R.string({description:"Email of the user"}),password:R.string({description:"Password of the user"}),callbackURL:R.string({description:"Callback URL to use as a redirect for email verification"}).optional(),rememberMe:R.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new I("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!R.string().email().safeParse(t).success)throw new I("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new I("UNAUTHORIZED",{message:"Invalid email or password"});let s=i.accounts.find(d=>d.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:t}),new I("UNAUTHORIZED",{message:"Invalid email or password"});let a=s?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new I("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,r))throw e.context.logger.error("Invalid password"),new I("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new I("UNAUTHORIZED",{message:"Email is not verified."});let d=await F(e.context.secret,i.user.email),c=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:i.user,url:c,token:d},e.request),e.context.logger.error("Email not verified",{email:t}),new I("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let o=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.rememberMe===!1);if(!o)throw e.context.logger.error("Failed to create session"),new I("UNAUTHORIZED",{message:"Failed to create session"});return await O(e,{session:o,user:i.user},e.body.rememberMe===!1),e.json({user:i.user,session:o,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as te}from"zod";var le=te.object({code:te.string().optional(),error:te.string().optional(),errorMessage:te.string().optional(),state:te.string().optional()}),ut=k("/callback/:id",{method:["GET","POST"],body:le.optional(),query:le.optional(),metadata:H},async e=>{let t;try{if(e.method==="GET")t=le.parse(e.query);else if(e.method==="POST")t=le.parse(e.body);else throw new Error("Unsupported method")}catch(h){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",h),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:n,state:i}=t;if(!i)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${n||"no_code"}`);let s=e.context.socialProviders.find(h=>h.id===e.params.id);if(!s)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:a,callbackURL:u,link:o,errorURL:d}=await Ve(e),c;try{c=await s.validateAuthorizationCode({code:r,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${s.id}`})}catch(h){throw e.context.logger.error("",h),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let l=await s.getUserInfo(c).then(h=>h?.user);function p(h){let w=d||u||`${e.context.baseURL}/error`;throw w.includes("?")?w=`${w}&error=${h}`:w=`${w}?error=${h}`,e.redirect(w)}if(!l)return e.context.logger.error("Unable to get user info"),p("unable_to_get_user_info");if(!l.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),p("email_not_found");if(!u)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(o){if(o.email!==l.email.toLowerCase())return p("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:o.userId,providerId:s.id,accountId:l.id}))return p("unable_to_link_account");let w;try{w=new URL(u).toString()}catch{w=u}throw e.redirect(w)}let m=await ue(e,{userInfo:{id:l.id,email:l.email,name:l.name||"",image:l.image,emailVerified:l.emailVerified||!1},account:{providerId:s.id,accountId:l.id,...c,scope:c.scopes?.join(",")},callbackURL:u});if(m.error)return e.context.logger.error(m.error.split(" ").join("_")),p(m.error.split(" ").join("_"));let{session:f,user:g}=m.data;await O(e,{session:f,user:g});let y;try{y=new URL(u).toString()}catch{y=u}throw e.redirect(y)});import"zod";import{APIError as Dr}from"better-call";var lt=k("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw N(e),new Dr("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),N(e),e.json({success:!0})});import{z as C}from"zod";import{APIError as xe}from"better-call";function pt(e,t,r){let n=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,s])=>n.searchParams.set(i,s)),n.href}function Br(e,t,r){let n=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,s])=>n.searchParams.set(i,s)),n.href}var ft=k("/forget-password",{method:"POST",body:C.object({email:C.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:C.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new xe("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,s=D(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i,"sec"),a=q(24);await e.context.internalAdapter.createVerificationValue({value:n.user.id,identifier:`reset-password:${a}`,expiresAt:s});let u=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:n.user,url:u,token:a},e.request),e.json({status:!0})}),mt=k("/reset-password/:token",{method:"GET",query:C.object({callbackURL:C.string({description:"The URL to redirect the user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(pt(e.context,r,{error:"INVALID_TOKEN"}));let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(pt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Br(e.context,r,{token:t}))}),gt=k("/reset-password",{query:C.optional(C.object({token:C.string().optional(),currentURL:C.string().optional()})),method:"POST",body:C.object({newPassword:C.string({description:"The new password to set"}),token:C.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new xe("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,n=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(n);if(!i||i.expiresAt<new Date)throw new xe("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let s=i.value,a=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(s)).find(d=>d.providerId==="credential")?(await e.context.internalAdapter.updatePassword(s,a),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:s,providerId:"credential",password:a,accountId:s}),e.json({status:!0}))});import{z as T}from"zod";import{APIError as S}from"better-call";import{z as A}from"zod";var Es=A.object({id:A.string(),providerId:A.string(),accountId:A.string(),userId:A.string(),accessToken:A.string().nullish(),refreshToken:A.string().nullish(),idToken:A.string().nullish(),accessTokenExpiresAt:A.date().nullish(),refreshTokenExpiresAt:A.date().nullish(),scope:A.string().nullish(),password:A.string().nullish(),createdAt:A.date().default(()=>new Date),updatedAt:A.date().default(()=>new Date)}),Is=A.object({id:A.string(),email:A.string().transform(e=>e.toLowerCase()),emailVerified:A.boolean().default(!1),name:A.string(),image:A.string().nullish(),createdAt:A.date().default(()=>new Date),updatedAt:A.date().default(()=>new Date)}),Os=A.object({id:A.string(),userId:A.string(),expiresAt:A.date(),createdAt:A.date().default(()=>new Date),updatedAt:A.date().default(()=>new Date),token:A.string(),ipAddress:A.string().nullish(),userAgent:A.string().nullish()}),Ps=A.object({id:A.string(),value:A.string(),createdAt:A.date().default(()=>new Date),updatedAt:A.date().default(()=>new Date),expiresAt:A.date(),identifier:A.string()});function ht(e,t){let r=t.fields,n={};for(let i in e){let s=r[i];if(!s){n[i]=e[i];continue}s.returned!==!1&&(n[i]=e[i])}return n}function ve(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let n of e.plugins||[])n.schema&&n.schema[t]&&(r={...r,...n.schema[t].fields});return r}function Re(e,t){let r=ve(e,"user");return ht(t,{fields:r})}function pe(e,t){let r=ve(e,"session");return ht(t,{fields:r})}function qr(e,t){let r=t.action||"create",n=t.fields,i={};for(let s in n){if(s in e){if(n[s].input===!1){if(n[s].defaultValue){i[s]=n[s].defaultValue;continue}continue}i[s]=e[s];continue}if(n[s].defaultValue&&r==="create"){i[s]=n[s].defaultValue;continue}}return i}function fe(e,t,r){let n=ve(e,"user");return qr(t||{},{fields:n,action:r})}var yt=()=>k("/update-user",{method:"POST",body:T.record(T.string(),T.any()),use:[_],metadata:{openapi:{description:"Update the current user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"}}}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"}}}}}}}}}},async e=>{let t=e.body;if(t.email)throw new S("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:n,...i}=t,s=e.context.session;if(!n&&!r&&Object.keys(i).length===0)return e.json({user:s.user});let a=fe(e.context.options,i,"update"),u=await e.context.internalAdapter.updateUserByEmail(s.user.email,{name:r,image:n,...a});return await O(e,{session:s.session,user:u}),e.json({user:u})}),wt=k("/change-password",{method:"POST",body:T.object({newPassword:T.string({description:"The new password to set"}),currentPassword:T.string({description:"The current password"}),revokeOtherSessions:T.boolean({description:"Revoke all other sessions"}).optional()}),use:[_],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:n}=e.body,i=e.context.session,s=e.context.password.config.minPasswordLength;if(t.length<s)throw e.context.logger.error("Password is too short"),new S("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new S("BAD_REQUEST",{message:"Password too long"});let o=(await e.context.internalAdapter.findAccounts(i.user.id)).find(l=>l.providerId==="credential"&&l.password);if(!o||!o.password)throw new S("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(o.password,r))throw new S("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(o.id,{password:d}),n){await e.context.internalAdapter.deleteSessions(i.user.id);let l=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!l)throw new S("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await O(e,{session:l,user:i.user})}return e.json(i.user)}),bt=k("/set-password",{method:"POST",body:T.object({newPassword:T.string()}),metadata:{SERVER_ONLY:!0},use:[_]},async e=>{let{newPassword:t}=e.body,r=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new S("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new S("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(o=>o.providerId==="credential"&&o.password),u=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:u}),e.json(r.user);throw new S("BAD_REQUEST",{message:"user already has a password"})}),At=k("/delete-user",{method:"POST",body:T.object({password:T.string({description:"The password of the user"})}),use:[tt],metadata:{openapi:{description:"Delete the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{let t=e.context.session;return await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),N(e),e.json(null)}),kt=k("/change-email",{method:"POST",query:T.object({currentURL:T.string().optional()}).optional(),body:T.object({newEmail:T.string({description:"The new email to set"}).email(),callbackURL:T.string({description:"The URL to redirect to after email verification"}).optional()}),use:[_],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new S("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new S("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new S("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new S("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await F(e.context.secret,e.context.session.user.email,e.body.newEmail),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:n,token:r},e.request),e.json({user:null,status:!0})});var Nr=(e="Unknown")=>`<!DOCTYPE html>
+import{APIError as M,createRouter as Gr,getCookie as Kr,getSignedCookie as Wr,setCookie as Qr,setSignedCookie as Zr}from"better-call";import{APIError as Zt}from"better-call";import{createEndpointCreator as Wt,createMiddleware as Oe,createMiddlewareCreator as Qt}from"better-call";var Se=Oe(async()=>({})),Q=Qt({use:[Se,Oe(async()=>({}))]}),k=Wt({use:[Se]});var Pe=Q(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:n}=e,s=e.headers?.get("origin")||e.headers?.get("referer")||"",i=t?.callbackURL||r?.callbackURL,a=t?.redirectTo,u=r?.currentURL,o=n.trustedOrigins,d=e.headers?.has("cookie"),c=(p,m)=>m.includes("*")?new RegExp("^"+m.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(p):p.startsWith(m),l=(p,m)=>{if(!p)return;if(!o.some(g=>c(p,g)||p?.startsWith("/")&&m!=="origin"&&!p.includes(":")))throw e.context.logger.error(`Invalid ${m}: ${p}`),e.context.logger.info(`If it's a valid URL, please add ${p} to trustedOrigins in your auth config
+`,`Current list of trustedOrigins: ${o}`),new Zt("FORBIDDEN",{message:`Invalid ${m}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&l(s,"origin"),i&&l(i,"callbackURL"),a&&l(a,"redirectURL"),u&&l(u,"currentURL")});import{APIError as I}from"better-call";import{z as R}from"zod";import{TimeSpan as er}from"oslo";import{base64url as tr}from"oslo/encoding";import{HMAC as Le,sha256 as gn}from"oslo/crypto";function ge(e,t){let r=new Uint8Array(e),n=new Uint8Array(t);if(r.length!==n.length)return!1;let s=0;for(let i=0;i<r.length;i++)s|=r[i]^n[i];return s===0}async function Jt({value:e,secret:t}){return new Le("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function Yt({value:e,signature:t,secret:r}){return new Le("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var oe={sign:Jt,verify:Yt};var L=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},_e=class extends L{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};var D=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var ie=Object.create(null),Z=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?ie:globalThis),S=new Proxy(ie,{get(e,t){return Z()[t]??ie[t]},has(e,t){let r=Z();return t in r||t in ie},set(e,t,r){let n=Z(!0);return n[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=Z(!0);return delete r[t],!0},ownKeys(){let e=Z(!0);return Object.keys(e)}});function Xt(e){return e?e!=="false":!1}var se=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",J=se==="production",Ce=se==="dev"||se==="development",De=se==="test"||Xt(S.TEST);function kn(e){let t=new Map;return e.split(", ").forEach(n=>{let s=n.split(";").map(l=>l.trim()),[i,...a]=s,[u,...o]=i.split("="),d=o.join("=");if(!u||d===void 0){console.warn(`Malformed cookie: ${n}`);return}let c={value:d};a.forEach(l=>{let[p,...m]=l.split("="),f=m.join("="),g=p.trim().toLowerCase();switch(g){case"max-age":c["max-age"]=f?parseInt(f.trim(),10):void 0;break;case"expires":c.expires=f?new Date(f.trim()):void 0;break;case"domain":c.domain=f?f.trim():void 0;break;case"path":c.path=f?f.trim():void 0;break;case"secure":c.secure=!0;break;case"httponly":c.httponly=!0;break;case"samesite":c.samesite=f?f.trim().toLowerCase():void 0;break;default:c[g]=f?f.trim():!0;break}}),t.set(u,c)}),t}function he(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):J)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,s=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!s)throw new L("baseURL is required when crossSubdomainCookies are enabled");function i(a,u={}){let o=e.advanced?.cookiePrefix||"better-auth",d=e.advanced?.cookies?.[a]?.name||`${o}.${a}`,c=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${d}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:s}:{},...e.advanced?.defaultCookieAttributes,...u,...c}}}return i}function Be(e){let t=he(e),r=e.session?.expiresIn||new er(7,"d").seconds(),n=t("session_token",{maxAge:r}),s=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),i=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:s.name,options:s.attributes},dontRememberToken:{name:i.name,options:i.attributes}}}async function O(e,t,r,n){let s=e.context.authCookies.sessionToken.options,i=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.token,e.context.secret,{...s,maxAge:i,...n}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(tr.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:D(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await oe.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.token,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function N(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function On(e){let t=e.split("; "),r=new Map;return t.forEach(n=>{let[s,i]=n.split("=");r.set(s,i)}),r}import{betterFetch as dr}from"@better-fetch/fetch";import{APIError as cr}from"better-call";import{decodeProtectedHeader as ur,importJWK as lr,jwtVerify as pr}from"jose";import{parseJWT as fr}from"oslo/jwt";import{sha256 as rr}from"oslo/crypto";import{base64url as nr}from"oslo/encoding";async function qe(e){let t=await rr(new TextEncoder().encode(e));return nr.encode(new Uint8Array(t),{includePadding:!1})}function Ne(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?D(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function v({id:e,options:t,authorizationEndpoint:r,state:n,codeVerifier:s,scopes:i,claims:a,redirectURI:u}){let o=new URL(r);if(o.searchParams.set("response_type","code"),o.searchParams.set("client_id",t.clientId),o.searchParams.set("state",n),o.searchParams.set("scope",i.join(" ")),o.searchParams.set("redirect_uri",t.redirectURI||u),s){let d=await qe(s);o.searchParams.set("code_challenge_method","S256"),o.searchParams.set("code_challenge",d)}if(a){let d=a.reduce((c,l)=>(c[l]=null,c),{});o.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...d}}))}return o}import{betterFetch as or}from"@better-fetch/fetch";async function x({code:e,codeVerifier:t,redirectURI:r,options:n,tokenEndpoint:s,authentication:i}){let a=new URLSearchParams,u={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(a.set("grant_type","authorization_code"),a.set("code",e),t&&a.set("code_verifier",t),a.set("redirect_uri",r),i==="basic"){let l=btoa(`${n.clientId}:${n.clientSecret}`);u.authorization=`Basic ${l}`}else a.set("client_id",n.clientId),a.set("client_secret",n.clientSecret);let{data:o,error:d}=await or(s,{method:"POST",body:a,headers:u});if(d)throw d;return Ne(o)}import{generateCodeVerifier as sr,generateState as ar}from"oslo/oauth2";import{z}from"zod";import{APIError as Ve}from"better-call";function ir(e){try{return new URL(e).pathname!=="/"}catch{throw new L(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ye(e,t="/api/auth"){return ir(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function Y(e,t){if(e)return ye(e,t);let r=S.BETTER_AUTH_URL||S.NEXT_PUBLIC_BETTER_AUTH_URL||S.PUBLIC_BETTER_AUTH_URL||S.NUXT_PUBLIC_BETTER_AUTH_URL||S.NUXT_PUBLIC_AUTH_URL||(S.BASE_URL!=="/"?S.BASE_URL:void 0);if(r)return ye(r,t);if(typeof window<"u"&&window.location)return ye(window.location.origin,t)}function je(e){try{return new URL(e).origin}catch{return null}}async function ae(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?je(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Ve("BAD_REQUEST",{message:"callbackURL is required"});let n=sr(),s=ar(),i=JSON.stringify({callbackURL:r,codeVerifier:n,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let u=await e.context.internalAdapter.createVerificationValue({value:i,identifier:s,expiresAt:a});if(!u)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Ve("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:u.identifier,codeVerifier:n}}async function Fe(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let n=z.object({callbackURL:z.string(),codeVerifier:z.string(),errorURL:z.string().optional(),expiresAt:z.number(),link:z.object({email:z.string(),userId:z.string()}).optional()}).parse(JSON.parse(r.value));if(n.errorURL||(n.errorURL=`${e.context.baseURL}/error`),n.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),n}var $e=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:n,redirectURI:s}){let i=n||["email","name"];return e.scope&&i.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${s||e.redirectURI}&scope=${i.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:s})=>x({code:r,codeVerifier:n,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:t}),async verifyIdToken(r,n){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,n);let s=ur(r),{kid:i,alg:a}=s;if(!i||!a)return!1;let u=await mr(i),{payload:o}=await pr(r,u,{algorithms:[a],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(d=>{o[d]!==void 0&&(o[d]=!!o[d])}),n&&o.nonce!==n?!1:!!o},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let n=fr(r.idToken)?.payload;if(!n)return null;let s=n.user?`${n.user.name.firstName} ${n.user.name.lastName}`:n.email;return{user:{id:n.sub,name:s,emailVerified:!1,email:n.email},data:n}}}},mr=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:n}=await dr(`${t}${r}`);if(!n?.keys)throw new cr("BAD_REQUEST",{message:"Keys not found"});let s=n.keys.find(i=>i.kid===e);if(!s)throw new Error(`JWK with kid ${e} not found`);return await lr(s,s.alg)};import{betterFetch as gr}from"@better-fetch/fetch";var ze=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let s=r||["identify","email"];return e.scope&&s.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${s.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||n)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await gr("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(n)return null;if(r.avatar===null){let s=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${s}.png`}else{let s=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${s}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as hr}from"@better-fetch/fetch";var Me=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let s=r||["email","public_profile"];return e.scope&&s.push(...e.scope),await v({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:s,state:t,redirectURI:n})},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await hr("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return n?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as He}from"@better-fetch/fetch";var Ge=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:n,codeVerifier:s,redirectURI:i}){let a=n||["user:email"];return e.scope&&a.push(...e.scope),v({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:i})},validateAuthorizationCode:async({code:r,redirectURI:n})=>x({code:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:s}=await He("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(s)return null;let i=!1;if(!n.email){let{data:a,error:u}=await He("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});u||(n.email=(a.find(o=>o.primary)??a[0])?.email,i=a.find(o=>o.email===n.email)?.verified??!1)}return{user:{id:n.id.toString(),name:n.name||n.login,email:n.email,image:n.avatar_url,emailVerified:i},data:n}}}};import{parseJWT as Ar}from"oslo/jwt";import{createConsola as yr}from"consola";var we=["info","success","warn","error","debug"];function wr(e,t){return we.indexOf(t)<=we.indexOf(e)}var br=yr({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),de=e=>{let t=e?.disabled!==!0,r=e?.level??"error",n=(s,i,a=[])=>{if(!(!t||!wr(r,s))){if(!e||typeof e.log!="function"){br[s]("",i,...a);return}e.log(s==="success"?"info":s,i,a)}};return Object.fromEntries(we.map(s=>[s,(...[i,...a])=>n(s,i,a)]))},E=de();import{betterFetch as kr}from"@better-fetch/fetch";var Ke=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:s}){if(!e.clientId||!e.clientSecret)throw E.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new L("CLIENT_ID_AND_SECRET_REQUIRED");if(!n)throw new L("codeVerifier is required for Google");let i=r||["email","profile","openid"];e.scope&&i.push(...e.scope);let a=await v({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:n,redirectURI:s});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let n=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:s}=await kr(n);return s?s.aud===e.clientId&&s.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=Ar(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as xr}from"@better-fetch/fetch";import{parseJWT as vr}from"oslo/jwt";var We=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,n=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(s){let i=s.scopes||["openid","profile","email","User.Read"];return e.scope&&i.push(...e.scope),v({id:"microsoft",options:e,authorizationEndpoint:r,state:s.state,codeVerifier:s.codeVerifier,scopes:i,redirectURI:s.redirectURI})},validateAuthorizationCode({code:s,codeVerifier:i,redirectURI:a}){return x({code:s,codeVerifier:i,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:n})},async getUserInfo(s){if(e.getUserInfo)return e.getUserInfo(s);if(!s.idToken)return null;let i=vr(s.idToken)?.payload,a=e.profilePhotoSize||48;return await xr(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${s.accessToken}`},async onResponse(u){if(!(e.disableProfilePhoto||!u.response.ok))try{let d=await u.response.clone().arrayBuffer(),c=Buffer.from(d).toString("base64");i.picture=`data:image/jpeg;base64, ${c}`}catch(o){E.error(o&&typeof o=="object"&&"name"in o?o.name:"",o)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as Rr}from"@better-fetch/fetch";var Qe=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:s}){let i=r||["user-read-email"];return e.scope&&i.push(...e.scope),v({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:n,redirectURI:s})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Rr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});function _o(e){return e.charAt(0).toUpperCase()+e.slice(1)}var H={isAction:!1};import{nanoid as Ur}from"nanoid";var q=e=>Ur(e);import{parseJWT as Tr}from"oslo/jwt";var Ze=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let s=r||["user:read:email","openid"];return e.scope&&s.push(...e.scope),v({id:"twitch",redirectURI:n,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:s,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return E.error("No idToken found in token"),null;let n=Tr(r)?.payload;return{user:{id:n.sub,name:n.preferred_username,email:n.email,image:n.picture,emailVerified:!1},data:n}}});import{betterFetch as Er}from"@better-fetch/fetch";var Je=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),v({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Er("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});import{betterFetch as Ir}from"@better-fetch/fetch";var Ye=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:n,codeVerifier:s,redirectURI:i})=>{let a=n||["account_info.read"];return e.scope&&a.push(...e.scope),await v({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:i,codeVerifier:s})},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:s})=>await x({code:r,codeVerifier:n,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:s}=await Ir("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return s?null:{user:{id:n.account_id,name:n.name?.display_name,email:n.email,emailVerified:n.email_verified||!1,image:n.profile_photo_url},data:n}}}};import{betterFetch as Or}from"@better-fetch/fetch";var Xe=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:n,scopes:s,redirectURI:i})=>{let a=s||["profile","email","openid"];return e.scope&&a.push(...e.scope),await v({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:n,redirectURI:i})},validateAuthorizationCode:async({code:n,redirectURI:s})=>await x({code:n,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:r}),async getUserInfo(n){let{data:s,error:i}=await Or("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken}`}});return i?null:{user:{id:s.sub,name:s.name,email:s.email,emailVerified:s.email_verified||!1,image:s.picture},data:s}}}};import{betterFetch as Sr}from"@better-fetch/fetch";var be=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Pr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:be(`${t}/oauth/authorize`),tokenEndpoint:be(`${t}/oauth/token`),userinfoEndpoint:be(`${t}/api/v4/user`)}},et=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:n}=Pr(e.issuer),s="gitlab";return{id:s,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:u,codeVerifier:o,redirectURI:d})=>{let c=u||["read_user"];return e.scope&&c.push(...e.scope),await v({id:s,options:e,authorizationEndpoint:t,scopes:c,state:a,redirectURI:d,codeVerifier:o})},validateAuthorizationCode:async({code:a,redirectURI:u,codeVerifier:o})=>x({code:a,redirectURI:e.redirectURI||u,options:e,codeVerifier:o,tokenEndpoint:r}),async getUserInfo(a){if(e.getUserInfo)return e.getUserInfo(a);let{data:u,error:o}=await Sr(n,{headers:{authorization:`Bearer ${a.accessToken}`}});return o||u.state!=="active"||u.locked?null:{user:{id:u.id.toString(),name:u.name??u.username,email:u.email,image:u.avatar_url,emailVerified:!0},data:u}}}};var Ae={apple:$e,discord:ze,facebook:Me,github:Ge,microsoft:We,google:Ke,spotify:Qe,twitch:Ze,twitter:Je,dropbox:Ye,linkedin:Xe,gitlab:et},ce=Object.keys(Ae);import{TimeSpan as Lr}from"oslo";import{createJWT as _r,validateJWT as Cr}from"oslo/jwt";import{z as B}from"zod";import{APIError as te}from"better-call";import{APIError as j}from"better-call";import{z as X}from"zod";function G(e){try{return JSON.parse(e)}catch{return null}}var ke=()=>k("/get-session",{method:"GET",query:X.optional(X.object({disableCookieCache:X.boolean({description:"Disable cookie cache and fetch session from database"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),n=r?G(Buffer.from(r,"base64").toString()):null;if(n&&!await oe.verify({value:JSON.stringify(n.session),signature:n?.signature,secret:e.context.secret}))return N(e),e.json(null);let s=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(n?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let c=n.session;if(n.expiresAt<Date.now()||c.session.expiresAt<new Date){let p=e.context.authCookies.sessionData.name;e.setCookie(p,"",{maxAge:0})}else return e.json(c)}let i=await e.context.internalAdapter.findSession(t);if(!i||i.session.expiresAt<new Date)return N(e),i&&await e.context.internalAdapter.deleteSession(i.session.token),e.json(null);if(s)return e.json(i);let a=e.context.sessionConfig.expiresIn,u=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-a*1e3+u*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(i.session.token,{expiresAt:D(e.context.sessionConfig.expiresIn,"sec")});if(!c)return N(e),e.json(null,{status:401});let l=(c.expiresAt.valueOf()-Date.now())/1e3;return await O(e,{session:c,user:i.user},!1,{maxAge:l}),e.json({session:c,user:i.user})}return e.json(i)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new j("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),ee=async e=>{if(e.context.session)return e.context.session;let t=await ke()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},_=Q(async e=>{let t=await ee(e);if(!t?.session)throw new j("UNAUTHORIZED");return{session:t}}),tt=Q(async e=>{let t=await ee(e);if(!t?.session)throw new j("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,n=t.session.createdAt.valueOf(),s=Date.now();if(!(n+r*1e3>s))throw new j("FORBIDDEN",{message:"Session is not fresh"});return{session:t}}),rt=()=>k("/list-sessions",{method:"GET",use:[_],requireHeaders:!0,metadata:{openapi:{description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}}}}}}}}}},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(n=>n.expiresAt>new Date);return e.json(r)}),nt=k("/revoke-session",{method:"POST",body:X.object({token:X.string({description:"The token to revoke"})}),use:[_],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new j("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new j("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(n){throw e.context.logger.error(n&&typeof n=="object"&&"name"in n?n.name:"",n),new j("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),ot=k("/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new j("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),it=k("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[_],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new j("UNAUTHORIZED");let s=(await e.context.internalAdapter.listSessions(t.user.id)).filter(i=>i.expiresAt>new Date).filter(i=>i.token!==e.context.session.session.token);return await Promise.all(s.map(i=>e.context.internalAdapter.deleteSession(i.token))),e.json({status:!0})});async function V(e,t,r){return await _r("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Lr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}async function Dr(e,t){if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new te("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await V(e.context.secret,t.email),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification.sendVerificationEmail({user:t,url:n,token:r},e.request)}var st=k("/send-verification-email",{method:"POST",query:B.object({currentURL:B.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:B.object({email:B.string({description:"The email to send the verification email to"}).email(),callbackURL:B.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new te("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new te("BAD_REQUEST",{message:"User not found"});return await Dr(e,r.user),e.json({status:!0})}),at=k("/verify-email",{method:"GET",query:B.object({token:B.string({description:"The token to verify the email"}),callbackURL:B.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(u){throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=${u}`):new te("UNAUTHORIZED",{message:u})}let{token:r}=e.query,n;try{n=await Cr("HS256",Buffer.from(e.context.secret),r)}catch(u){return e.context.logger.error("Failed to verify email",u),t("invalid_token")}let i=B.object({email:B.string().email(),updateTo:B.string().optional()}).parse(n.payload),a=await e.context.internalAdapter.findUserByEmail(i.email);if(!a)return t("user_not_found");if(i.updateTo){let u=await ee(e);if(!u){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(u.user.email!==i.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let o=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:o,url:`${e.context.baseURL}/verify-email?token=${r}`,token:r},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:o,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await ee(e)){let o=await e.context.internalAdapter.createSession(a.user.id,e.request);if(!o)throw new te("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await O(e,{session:o,user:a.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function ue(e,{userInfo:t,account:r,callbackURL:n}){let s=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(u=>{throw E.error(`Better auth was unable to query your database.
+Error: `,u),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),i=s?.user;if(s){let u=s.accounts.find(o=>o.providerId===r.providerId);if(u)await e.context.internalAdapter.updateAccount(u.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return Ce&&E.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:s.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(c){return E.error("Unable to link account",c),{error:"unable to link account",data:null}}}}else try{let u=t.emailVerified||!1;if(i=await e.context.internalAdapter.createOAuthUser({...t,id:void 0,emailVerified:u,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(o=>o?.user),!u&&i&&e.context.options.emailVerification?.sendOnSignUp){let o=await V(e.context.secret,i.email),d=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${n}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:i,url:d,token:o},e.request)}}catch(u){return E.error("Unable to create user",u),{error:"unable to create user",data:null}}if(!i)return{error:"unable to create user",data:null};let a=await e.context.internalAdapter.createSession(i.id,e.request);return a?{data:{session:a,user:i},error:null}:{error:"unable to create session",data:null}}var dt=k("/sign-in/social",{method:"POST",query:R.object({currentURL:R.string().optional()}).optional(),body:R.object({callbackURL:R.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),errorCallbackURL:R.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:R.enum(ce,{description:"OAuth2 provider to use"}),disableRedirect:R.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:R.optional(R.object({token:R.string({description:"ID token from the provider"}),nonce:R.string({description:"Nonce used to generate the token"}).optional(),accessToken:R.string({description:"Access token from the provider"}).optional(),refreshToken:R.string({description:"Refresh token from the provider"}).optional(),expiresAt:R.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(i=>i.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new I("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new I("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:i,nonce:a}=e.body.idToken;if(!await t.verifyIdToken(i,a))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new I("UNAUTHORIZED",{message:"Invalid id token"});let o=await t.getUserInfo({idToken:i,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!o||!o?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new I("UNAUTHORIZED",{message:"Failed to get user info"});if(!o.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new I("UNAUTHORIZED",{message:"User email not found"});let d=await ue(e,{userInfo:{email:o.user.email,id:o.user.id,name:o.user.name||"",image:o.user.image,emailVerified:o.user.emailVerified||!1},account:{providerId:t.id,accountId:o.user.id,accessToken:e.body.idToken.accessToken}});if(d.error)throw new I("UNAUTHORIZED",{message:d.error});return await O(e,d.data),e.json({session:d.data.session,user:d.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:n}=await ae(e),s=await t.createAuthorizationURL({state:n,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:s.toString(),redirect:!e.body.disableRedirect})}),ct=k("/sign-in/email",{method:"POST",body:R.object({email:R.string({description:"Email of the user"}),password:R.string({description:"Password of the user"}),callbackURL:R.string({description:"Callback URL to use as a redirect for email verification"}).optional(),rememberMe:R.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new I("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!R.string().email().safeParse(t).success)throw new I("BAD_REQUEST",{message:"Invalid email"});let s=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!s)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new I("UNAUTHORIZED",{message:"Invalid email or password"});let i=s.accounts.find(d=>d.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new I("UNAUTHORIZED",{message:"Invalid email or password"});let a=i?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new I("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,r))throw e.context.logger.error("Invalid password"),new I("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!s.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new I("UNAUTHORIZED",{message:"Email is not verified."});let d=await V(e.context.secret,s.user.email),c=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:s.user,url:c,token:d},e.request),e.context.logger.error("Email not verified",{email:t}),new I("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let o=await e.context.internalAdapter.createSession(s.user.id,e.headers,e.body.rememberMe===!1);if(!o)throw e.context.logger.error("Failed to create session"),new I("UNAUTHORIZED",{message:"Failed to create session"});return await O(e,{session:o,user:s.user},e.body.rememberMe===!1),e.json({user:s.user,session:o,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as re}from"zod";var le=re.object({code:re.string().optional(),error:re.string().optional(),errorMessage:re.string().optional(),state:re.string().optional()}),ut=k("/callback/:id",{method:["GET","POST"],body:le.optional(),query:le.optional(),metadata:H},async e=>{let t;try{if(e.method==="GET")t=le.parse(e.query);else if(e.method==="POST")t=le.parse(e.body);else throw new Error("Unsupported method")}catch(h){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",h),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:n,state:s}=t;if(!s)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${n||"no_code"}`);let i=e.context.socialProviders.find(h=>h.id===e.params.id);if(!i)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:a,callbackURL:u,link:o,errorURL:d}=await Fe(e),c;try{c=await i.validateAuthorizationCode({code:r,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${i.id}`})}catch(h){throw e.context.logger.error("",h),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let l=await i.getUserInfo(c).then(h=>h?.user);function p(h){let w=d||u||`${e.context.baseURL}/error`;throw w.includes("?")?w=`${w}&error=${h}`:w=`${w}?error=${h}`,e.redirect(w)}if(!l)return e.context.logger.error("Unable to get user info"),p("unable_to_get_user_info");if(!l.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),p("email_not_found");if(!u)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(o){if(o.email!==l.email.toLowerCase())return p("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:o.userId,providerId:i.id,accountId:l.id}))return p("unable_to_link_account");let w;try{w=new URL(u).toString()}catch{w=u}throw e.redirect(w)}let m=await ue(e,{userInfo:{id:l.id,email:l.email,name:l.name||"",image:l.image,emailVerified:l.emailVerified||!1},account:{providerId:i.id,accountId:l.id,...c,scope:c.scopes?.join(",")},callbackURL:u});if(m.error)return e.context.logger.error(m.error.split(" ").join("_")),p(m.error.split(" ").join("_"));let{session:f,user:g}=m.data;await O(e,{session:f,user:g});let y;try{y=new URL(u).toString()}catch{y=u}throw e.redirect(y)});import"zod";import{APIError as Br}from"better-call";var lt=k("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw N(e),new Br("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),N(e),e.json({success:!0})});import{z as C}from"zod";import{APIError as xe}from"better-call";function pt(e,t,r){let n=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([s,i])=>n.searchParams.set(s,i)),n.href}function qr(e,t,r){let n=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([s,i])=>n.searchParams.set(s,i)),n.href}var ft=k("/forget-password",{method:"POST",body:C.object({email:C.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:C.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new xe("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let s=60*60*1,i=D(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||s,"sec"),a=q(24);await e.context.internalAdapter.createVerificationValue({value:n.user.id,identifier:`reset-password:${a}`,expiresAt:i});let u=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:n.user,url:u,token:a},e.request),e.json({status:!0})}),mt=k("/reset-password/:token",{method:"GET",query:C.object({callbackURL:C.string({description:"The URL to redirect the user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(pt(e.context,r,{error:"INVALID_TOKEN"}));let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(pt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(qr(e.context,r,{token:t}))}),gt=k("/reset-password",{query:C.optional(C.object({token:C.string().optional(),currentURL:C.string().optional()})),method:"POST",body:C.object({newPassword:C.string({description:"The new password to set"}),token:C.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new xe("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,n=`reset-password:${t}`,s=await e.context.internalAdapter.findVerificationValue(n);if(!s||s.expiresAt<new Date)throw new xe("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(s.id);let i=s.value,a=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(i)).find(d=>d.providerId==="credential")?(await e.context.internalAdapter.updatePassword(i,a),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:a,accountId:i}),e.json({status:!0}))});import{z as T}from"zod";import{APIError as P}from"better-call";import{z as A}from"zod";var Is=A.object({id:A.string(),providerId:A.string(),accountId:A.string(),userId:A.string(),accessToken:A.string().nullish(),refreshToken:A.string().nullish(),idToken:A.string().nullish(),accessTokenExpiresAt:A.date().nullish(),refreshTokenExpiresAt:A.date().nullish(),scope:A.string().nullish(),password:A.string().nullish(),createdAt:A.date().default(()=>new Date),updatedAt:A.date().default(()=>new Date)}),Os=A.object({id:A.string(),email:A.string().transform(e=>e.toLowerCase()),emailVerified:A.boolean().default(!1),name:A.string(),image:A.string().nullish(),createdAt:A.date().default(()=>new Date),updatedAt:A.date().default(()=>new Date)}),Ss=A.object({id:A.string(),userId:A.string(),expiresAt:A.date(),createdAt:A.date().default(()=>new Date),updatedAt:A.date().default(()=>new Date),token:A.string(),ipAddress:A.string().nullish(),userAgent:A.string().nullish()}),Ps=A.object({id:A.string(),value:A.string(),createdAt:A.date().default(()=>new Date),updatedAt:A.date().default(()=>new Date),expiresAt:A.date(),identifier:A.string()});function ht(e,t){let r=t.fields,n={};for(let s in e){let i=r[s];if(!i){n[s]=e[s];continue}i.returned!==!1&&(n[s]=e[s])}return n}function ve(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let n of e.plugins||[])n.schema&&n.schema[t]&&(r={...r,...n.schema[t].fields});return r}function Re(e,t){let r=ve(e,"user");return ht(t,{fields:r})}function pe(e,t){let r=ve(e,"session");return ht(t,{fields:r})}function Nr(e,t){let r=t.action||"create",n=t.fields,s={};for(let i in n){if(i in e){if(n[i].input===!1){if(n[i].defaultValue){s[i]=n[i].defaultValue;continue}continue}s[i]=e[i];continue}if(n[i].defaultValue&&r==="create"){s[i]=n[i].defaultValue;continue}}return s}function fe(e,t,r){let n=ve(e,"user");return Nr(t||{},{fields:n,action:r})}var yt=()=>k("/update-user",{method:"POST",body:T.record(T.string(),T.any()),use:[_],metadata:{openapi:{description:"Update the current user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"}}}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"}}}}}}}}}},async e=>{let t=e.body;if(t.email)throw new P("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:n,...s}=t,i=e.context.session;if(!n&&!r&&Object.keys(s).length===0)return e.json({user:i.user});let a=fe(e.context.options,s,"update"),u=await e.context.internalAdapter.updateUserByEmail(i.user.email,{name:r,image:n,...a});return await O(e,{session:i.session,user:u}),e.json({user:u})}),wt=k("/change-password",{method:"POST",body:T.object({newPassword:T.string({description:"The new password to set"}),currentPassword:T.string({description:"The current password"}),revokeOtherSessions:T.boolean({description:"Revoke all other sessions"}).optional()}),use:[_],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:n}=e.body,s=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new P("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new P("BAD_REQUEST",{message:"Password too long"});let o=(await e.context.internalAdapter.findAccounts(s.user.id)).find(l=>l.providerId==="credential"&&l.password);if(!o||!o.password)throw new P("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(o.password,r))throw new P("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(o.id,{password:d}),n){await e.context.internalAdapter.deleteSessions(s.user.id);let l=await e.context.internalAdapter.createSession(s.user.id,e.headers);if(!l)throw new P("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await O(e,{session:l,user:s.user})}return e.json(s.user)}),bt=k("/set-password",{method:"POST",body:T.object({newPassword:T.string()}),metadata:{SERVER_ONLY:!0},use:[_]},async e=>{let{newPassword:t}=e.body,r=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new P("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new P("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(o=>o.providerId==="credential"&&o.password),u=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:u}),e.json(r.user);throw new P("BAD_REQUEST",{message:"user already has a password"})}),At=k("/delete-user",{method:"POST",body:T.object({password:T.string({description:"The password of the user"})}),use:[tt],metadata:{openapi:{description:"Delete the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{let t=e.context.session;return await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),N(e),e.json(null)}),kt=k("/change-email",{method:"POST",query:T.object({currentURL:T.string().optional()}).optional(),body:T.object({newEmail:T.string({description:"The new email to set"}).email(),callbackURL:T.string({description:"The URL to redirect to after email verification"}).optional()}),use:[_],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new P("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new P("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new P("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let s=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:s,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new P("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await V(e.context.secret,e.context.session.user.email,e.body.newEmail),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:n,token:r},e.request),e.json({user:null,status:!0})});var jr=(e="Unknown")=>`<!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
@@ -80,4 +80,4 @@ Error: `,u),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
         <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
     </div>
 </body>
-</html>`,xt=k("/error",{method:"GET",metadata:{...H,openapi:{description:"Displays an error page",responses:{200:{description:"Success",content:{"text/html":{schema:{type:"string"}}}}}}}},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Nr(t),{headers:{"Content-Type":"text/html"}})});var vt=k("/ok",{method:"GET",metadata:{...H,openapi:{description:"Check if the API is working",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{ok:{type:"boolean"}}}}}}}}}},async e=>e.json({ok:!0}));import{z as K}from"zod";import{APIError as V}from"better-call";var Rt=()=>k("/sign-up/email",{method:"POST",query:K.object({currentURL:K.string().optional()}).optional(),body:K.record(K.string(),K.any()),metadata:{openapi:{description:"Sign up a user using email and password",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},email:{type:"string",description:"The email of the user"},password:{type:"string",description:"The password of the user"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["name","email","password"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},session:{type:"object"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new V("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:n,password:i,image:s,callbackURL:a,...u}=t;if(!K.string().email().safeParse(n).success)throw new V("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(i.length<d)throw e.context.logger.error("Password is too short"),new V("BAD_REQUEST",{message:"Password is too short"});let c=e.context.password.config.maxPasswordLength;if(i.length>c)throw e.context.logger.error("Password is too long"),new V("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(n))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${n}`),new V("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let p=fe(e.context.options,u),m;try{if(m=await e.context.internalAdapter.createUser({email:n.toLowerCase(),name:r,image:s,...p,emailVerified:!1}),!m)throw new V("BAD_REQUEST",{message:"Failed to create user"})}catch(y){throw e.context.logger.error("Failed to create user",y),new V("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:y})}if(!m)throw new V("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let f=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:m.id,providerId:"credential",accountId:m.id,password:f}),e.context.options.emailVerification?.sendOnSignUp){let y=await F(e.context.secret,m.email),h=`${e.context.baseURL}/verify-email?token=${y}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:m,url:h,token:y},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:m,session:null});let g=await e.context.internalAdapter.createSession(m.id,e.request);if(!g)throw new V("BAD_REQUEST",{message:"Failed to create session"});return await O(e,{session:g,user:m}),e.json({user:m,session:g})});import{z as re}from"zod";import{APIError as Ut}from"better-call";var Tt=k("/list-accounts",{method:"GET",use:[_],metadata:{openapi:{description:"List all accounts linked to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{id:{type:"string"},provider:{type:"string"}}}}}}}}}}},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(n=>({id:n.id,provider:n.providerId})))}),Et=k("/link-social",{method:"POST",requireHeaders:!0,query:re.object({currentURL:re.string().optional()}).optional(),body:re.object({callbackURL:re.string({description:"The URL to redirect to after the user has signed in"}).optional(),provider:re.enum(de,{description:"The OAuth2 provider to use"})}),use:[_],metadata:{openapi:{description:"Link a social account to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{url:{type:"string"},redirect:{type:"boolean"}},required:["url","redirect"]}}}}}}}},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(u=>u.providerId===e.body.provider))throw new Ut("BAD_REQUEST",{message:"Social Account is already linked."});let i=e.context.socialProviders.find(u=>u.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new Ut("NOT_FOUND",{message:"Provider not found"});let s=await se(e,{userId:t.user.id,email:t.user.email}),a=await i.createAuthorizationURL({state:s.state,codeVerifier:s.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:a.toString(),redirect:!0})});function me(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(De)return r;let i=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],s=e instanceof Request?e.headers:e;for(let a of i){let u=s.get(a);if(typeof u=="string"){let o=u.split(",")[0].trim();if(o)return o}}return null}function jr(e,t,r){let n=Date.now(),i=t*1e3;return n-r.lastRequest<i&&r.count>=e}function Fr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Vr(e,t){let r=Date.now(),n=t*1e3;return Math.ceil((e+n-r)/1e3)}function $r(e,t){let r="rateLimit",n=e.adapter;return{get:async i=>await n.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,s,a)=>{try{a?await n.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:s.count,lastRequest:s.lastRequest}}):await n.create({model:t??"rateLimit",data:{key:i,count:s.count,lastRequest:s.lastRequest}})}catch(u){e.logger.error("Error setting rate limit",u)}}}}var It=new Map;function zr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let n=await e.options.secondaryStorage?.get(r);return n?JSON.parse(n):void 0},set:async(r,n)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(n))}}:e.rateLimit.storage==="memory"?{async get(r){return It.get(r)},async set(r,n,i){It.set(r,n)}}:$r(e,e.rateLimit.modelName)}async function Ot(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,n=e.url.replace(r,""),i=t.rateLimit.window,s=t.rateLimit.max,a=me(e,t.options)+n,o=Mr().find(p=>p.pathMatcher(n));o&&(i=o.window,s=o.max);for(let p of t.options.plugins||[])if(p.rateLimit){let m=p.rateLimit.find(f=>f.pathMatcher(n));if(m){i=m.window,s=m.max;break}}if(t.rateLimit.customRules){let p=t.rateLimit.customRules[n];p&&(i=p.window,s=p.max)}let d=zr(t),c=await d.get(a),l=Date.now();if(!c)await d.set(a,{key:a,count:1,lastRequest:l});else{let p=l-c.lastRequest;if(jr(s,i,c)){let m=Vr(c.lastRequest,i);return Fr(m)}else p>i*1e3?await d.set(a,{...c,count:1,lastRequest:l}):await d.set(a,{...c,count:c.count+1,lastRequest:l})}}function Mr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}import{APIError as $a}from"better-call";function Ue(e,t){let r=t.plugins?.reduce((u,o)=>({...u,...o.endpoints}),{}),n=t.plugins?.map(u=>u.middlewares?.map(o=>{let d=async c=>o.middleware({...c,context:{...e,...c.context}});return d.path=o.path,d.options=o.middleware.options,d.headers=o.middleware.headers,{path:o.path,middleware:d}})).filter(u=>u!==void 0).flat()||[],s={...{signInSocial:dt,callbackOAuth:ut,getSession:ke(),signOut:lt,signUpEmail:Rt(),signInEmail:ct,forgetPassword:ft,resetPassword:gt,verifyEmail:at,sendVerificationEmail:st,changeEmail:kt,changePassword:wt,setPassword:bt,updateUser:yt(),deleteUser:At,forgetPasswordCallback:mt,listSessions:rt(),revokeSession:nt,revokeSessions:ot,revokeOtherSessions:it,linkSocialAccount:Et,listUserAccounts:Tt},...r,ok:vt,error:xt},a={};for(let[u,o]of Object.entries(s))a[u]=async(d={})=>{o.headers=new Headers;let c={setHeader(y,h){o.headers.set(y,h)},setCookie(y,h,w){Wr(o.headers,y,h,w)},getCookie(y,h){let b=d.headers?.get("cookie");return Gr(b||"",y,h)},getSignedCookie(y,h,w){let b=d.headers;return b?Kr(b,h,y,w):null},async setSignedCookie(y,h,w,b){await Zr(o.headers,y,h,w,b)},redirect(y){return o.headers.set("Location",y),new M("FOUND")},responseHeader:o.headers},l=await e,p={...c,...d,path:o.path,context:{...l,...d.context,endpoint:o}};l.session=null;let m=t.plugins||[];for(let y of m){let h=y.hooks?.before??[];for(let w of h){if(!w.matcher(p))continue;let b=await w.handler(p);if(b&&"context"in b){p={...p,...b.context};continue}if(b)return b}}let f;try{f=await o(p)}catch(y){if(y instanceof M){let h=t.plugins?.map(w=>{if(w.hooks?.after)return w.hooks.after}).filter(w=>w!==void 0).flat();if(!h?.length)throw y.headers=o.headers,y;p.context.returned=y,p.context.returned.headers=o.headers;for(let w of h||[])if(w.matcher(p))try{let U=await w.handler(p);U&&"response"in U&&(p.context.returned=U.response)}catch(U){if(U instanceof M){p.context.returned=U;continue}throw U}if(p.context.returned instanceof M)throw p.context.returned.headers=o.headers,p.context.returned;return p.context.returned}throw y}p.context.returned=f,p.responseHeader=o.headers;for(let y of t.plugins||[])if(y.hooks?.after){for(let h of y.hooks.after)if(h.matcher(p))try{let b=await h.handler(p);b&&(p.context.returned=b)}catch(b){if(b instanceof M){p.context.returned=b;continue}throw b}}let g=p.context.returned;return g instanceof Response&&o.headers.forEach((y,h)=>{h==="set-cookie"?g.headers.append(h,y):g.headers.set(h,y)}),g},a[u].path=o.path,a[u].method=o.method,a[u].options=o.options,a[u].headers=o.headers;return{api:a,middlewares:n}}var Pt=(e,t)=>{let{api:r,middlewares:n}=Ue(e,t),i=new URL(e.baseURL).pathname;return Hr(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:Se},...n],async onRequest(s){for(let a of e.options.plugins||[])if(a.onRequest){let u=await a.onRequest(s,e);if(u&&"response"in u)return u.response}return Ot(s,e)},async onResponse(s){for(let a of e.options.plugins||[])if(a.onResponse){let u=await a.onResponse(s,e);if(u)return u.response}return s},onError(s){if(s instanceof M&&s.status==="FOUND")return;if(t.onAPIError?.throw)throw s;if(t.onAPIError?.onError){t.onAPIError.onError(s,e);return}let a=t.logger?.level,u=a==="error"||a==="warn"||a==="debug"?E:void 0;if(t.logger?.disabled!==!0){if(s&&typeof s=="object"&&"message"in s&&typeof s.message=="string"&&(s.message.includes("no column")||s.message.includes("column")||s.message.includes("relation")||s.message.includes("table")||s.message.includes("does not exist"))){e.logger?.error(s.message),e.logger?.error("If you are seeing this error, it is likely that you need to run the migrations for the database or you need to update your database schema. If you recently updated the package, make sure to run the migrations.");return}s instanceof M?(s.status==="INTERNAL_SERVER_ERROR"&&e.logger.error(s.status,s),u?.error(s.message)):e.logger?.error(s&&typeof s=="object"&&"name"in s?s.name:"",s)}}})};import{defu as rn}from"defu";import{decodeHex as Qr,encodeHex as St}from"oslo/encoding";import{scryptAsync as Jr}from"@noble/hashes/scrypt";import{getRandomValues as Yr}from"uncrypto";var W={N:16384,r:16,p:1,dkLen:64};async function Lt(e,t){return await Jr(e.normalize("NFKC"),t,{N:W.N,p:W.p,r:W.r,dkLen:W.dkLen,maxmem:128*W.N*W.r*2})}var _t=async e=>{let t=St(Yr(new Uint8Array(16))),r=await Lt(e,t);return`${t}:${St(r)}`},Ct=async(e,t)=>{let[r,n]=e.split(":"),i=await Lt(t,r);return ge(i,Qr(n))};function Dt(e,t){let r=t.hooks;async function n(a,u,o){let d=a;for(let p of r||[]){let m=p[u]?.create?.before;if(m){let f=await m(a);if(f===!1)return null;typeof f=="object"&&"data"in f&&(d=f.data)}}let c=o?await o.fn(d):null,l=!o||o.executeMainFn?await e.create({model:u,data:d}):c;for(let p of r||[]){let m=p[u]?.create?.after;m&&await m(l)}return l}async function i(a,u,o,d){let c=a;for(let m of r||[]){let f=m[o]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;c=typeof g=="object"?g.data:g}}let l=d?await d.fn(c):null,p=!d||d.executeMainFn?await e.update({model:o,update:c,where:u}):l;for(let m of r||[]){let f=m[o]?.update?.after;f&&await f(p)}return p}async function s(a,u,o,d){let c=a;for(let m of r||[]){let f=m[o]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;c=typeof g=="object"?g.data:g}}let l=d?await d.fn(c):null,p=!d||d.executeMainFn?await e.updateMany({model:o,update:c,where:u}):l;for(let m of r||[]){let f=m[o]?.update?.after;f&&await f(p)}return p}return{createWithHooks:n,updateWithHooks:i,updateManyWithHooks:s}}var Te=(e,t)=>{let r=t.options,n=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,{createWithHooks:s,updateWithHooks:a,updateManyWithHooks:u}=Dt(e,t);return{createOAuthUser:async(o,d)=>{try{let c=await s({createdAt:new Date,updatedAt:new Date,...o},"user"),l=await s({...d,userId:c.id||o.id,createdAt:new Date,updatedAt:new Date},"account");return{user:c,account:l}}catch(c){return console.log(c),null}},createUser:async o=>await s({createdAt:new Date,updatedAt:new Date,emailVerified:!1,...o},"user"),createAccount:async o=>await s({createdAt:new Date,updatedAt:new Date,...o},"account"),listSessions:async o=>{if(n){let c=await n.get(`active-sessions-${o}`);if(!c)return[];let l=G(c)||[],p=Date.now(),m=l.filter(g=>g.expiresAt>p),f=[];for(let g of m){let y=await n.get(g.token);if(y){let h=JSON.parse(y),w=pe(t.options,{...h.session,expiresAt:new Date(h.session.expiresAt)});f.push(w)}}return f}return await e.findMany({model:"session",where:[{field:"userId",value:o}]})},listUsers:async(o,d,c,l)=>await e.findMany({model:"user",limit:o,offset:d,sortBy:c,where:l}),deleteUser:async o=>{await e.deleteMany({model:"session",where:[{field:"userId",value:o}]}),await e.deleteMany({model:"account",where:[{field:"userId",value:o}]}),await e.delete({model:"user",where:[{field:"id",value:o}]})},createSession:async(o,d,c,l)=>{let p=d instanceof Request?d.headers:d,{id:m,...f}=l||{},g={ipAddress:d&&me(d,t.options)||"",userAgent:p?.get("user-agent")||"",...f,expiresAt:c?D(60*60*24,"sec"):D(i,"sec"),userId:o,token:q(32),createdAt:new Date,updatedAt:new Date};return await s(g,"session",n?{fn:async()=>{let h=await e.findOne({model:"user",where:[{field:"id",value:o}]});n.set(g.token,JSON.stringify({session:g,user:h}),i);let w=await n.get(`active-sessions-${o}`),b=[],U=Date.now();return w&&(b=G(w)||[],b=b.filter(Kt=>Kt.expiresAt>U)),b.push({token:g.token,expiresAt:U+i*1e3}),await n.set(`active-sessions-${o}`,JSON.stringify(b),i),g},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async o=>{if(n){let p=await n.get(o);if(p){let m=JSON.parse(p),f=pe(t.options,{...m.session,expiresAt:new Date(m.session.expiresAt),createdAt:new Date(m.session.createdAt),updatedAt:new Date(m.session.updatedAt)}),g=Re(t.options,{...m.user,createdAt:new Date(m.user.createdAt),updatedAt:new Date(m.user.updatedAt)});return{session:f,user:g}}}let d=await e.findOne({model:"session",where:[{value:o,field:"token"}]});if(!d)return null;let c=await e.findOne({model:"user",where:[{value:d.userId,field:"id"}]});if(!c)return null;let l=Re(t.options,c);return{session:pe(t.options,d),user:l}},findSessions:async o=>{if(n){let p=[];for(let m of o){let f=await n.get(m);if(f){let g=JSON.parse(f),y={session:{...g.session,expiresAt:new Date(g.session.expiresAt)},user:{...g.user,createdAt:new Date(g.user.createdAt),updatedAt:new Date(g.user.updatedAt)}};p.push(y)}}return p}let d=await e.findMany({model:"session",where:[{field:"token",value:o,operator:"in"}]}),c=d.map(p=>p.userId);if(!c.length)return[];let l=await e.findMany({model:"user",where:[{field:"id",value:c,operator:"in"}]});return d.map(p=>{let m=l.find(f=>f.id===p.userId);return m?{session:p,user:m}:null})},updateSession:async(o,d)=>await a(d,[{field:"token",value:o}],"session",n?{async fn(l){let p=await n.get(o),m=null;if(p){let f=JSON.parse(p);return m={...f.session,...l},await n.set(o,JSON.stringify({session:m,user:f.user}),f.session.expiresAt?Math.floor((f.session.expiresAt.getTime()-Date.now())/1e3):i),m}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async o=>{if(n){await n.delete(o),r.session?.storeSessionInDatabase&&await e.delete({model:"session",where:[{field:"token",value:o}]});return}await e.delete({model:"session",where:[{field:"token",value:o}]})},deleteSessions:async o=>{if(n){if(typeof o=="string"){let d=await n.get(`active-sessions-${o}`),c=d?G(d):[];if(!c)return;for(let l of c)await n.delete(l.token)}else for(let d of o)await n.get(d)&&await n.delete(d);r.session?.storeSessionInDatabase&&await e.deleteMany({model:"session",where:[{field:Array.isArray(o)?"token":"userId",value:o,operator:Array.isArray(o)?"in":void 0}]});return}await e.deleteMany({model:"session",where:[{field:Array.isArray(o)?"token":"userId",value:o,operator:Array.isArray(o)?"in":void 0}]})},findUserByEmail:async(o,d)=>{let c=await e.findOne({model:"user",where:[{value:o.toLowerCase(),field:"email"}]});if(!c)return null;if(d?.includeAccounts){let l=await e.findMany({model:"account",where:[{value:c.id,field:"userId"}]});return{user:c,accounts:l}}return{user:c,accounts:[]}},findUserById:async o=>await e.findOne({model:"user",where:[{field:"id",value:o}]}),linkAccount:async o=>await s({...o,createdAt:new Date,updatedAt:new Date},"account"),updateUser:async(o,d)=>await a(d,[{field:"id",value:o}],"user"),updateUserByEmail:async(o,d)=>await a(d,[{field:"email",value:o}],"user"),updatePassword:async(o,d)=>{await u({password:d},[{field:"userId",value:o},{field:"providerId",value:"credential"}],"account")},findAccounts:async o=>await e.findMany({model:"account",where:[{field:"userId",value:o}]}),findAccount:async o=>await e.findOne({model:"account",where:[{field:"accountId",value:o}]}),findAccountByUserId:async o=>await e.findMany({model:"account",where:[{field:"userId",value:o}]}),updateAccount:async(o,d)=>await a(d,[{field:"id",value:o}],"account"),createVerificationValue:async o=>await s({createdAt:new Date,updatedAt:new Date,...o},"verification"),findVerificationValue:async o=>(await e.findMany({model:"verification",where:[{field:"identifier",value:o}],sortBy:{field:"createdAt",direction:"desc"},limit:10}))[0],deleteVerificationValue:async o=>{await e.delete({model:"verification",where:[{field:"id",value:o}]})},deleteVerificationByIdentifier:async o=>{await e.delete({model:"verification",where:[{field:"identifier",value:o}]})},updateVerificationValue:async(o,d)=>await a(d,[{field:"id",value:o}],"verification")}};var $=e=>{let t=e.plugins?.reduce((o,d)=>{let c=d.schema;if(!c)return o;for(let[l,p]of Object.entries(c))o[l]={fields:{...o[l]?.fields,...p.fields},modelName:p.modelName||l};return o},{}),r=e.rateLimit?.storage==="database",n={rateLimit:{modelName:e.rateLimit?.modelName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:s,account:a,...u}=t||{};return{user:{modelName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{modelName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},token:{type:"string",required:!0,fieldName:e.session?.fields?.token||"token",unique:!0},createdAt:{type:"date",required:!0,fieldName:e.session?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.session?.fields?.updatedAt||"updatedAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...s?.fields,...e.session?.additionalFields},order:2},account:{modelName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},accessTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"accessTokenExpiresAt"},refreshTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"refreshTokenExpiresAt"},scope:{type:"string",required:!1,fieldName:e.account?.fields?.scope||"scope"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},createdAt:{type:"date",required:!0,fieldName:e.account?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.account?.fields?.updatedAt||"updatedAt"},...a?.fields},order:3},verification:{modelName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"},createdAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.updatedAt||"updatedAt"}},order:4},...u,...r?n:{}}};import{z as id}from"zod";import{Kysely as Bt,MssqlDialect as Xr}from"kysely";import{MysqlDialect as qt,PostgresDialect as Nt,SqliteDialect as jt}from"kysely";function Ft(e){if(!e)return null;if("dialect"in e)return Ft(e.dialect);if("createDriver"in e){if(e instanceof jt)return"sqlite";if(e instanceof qt)return"mysql";if(e instanceof Nt)return"postgres";if(e instanceof Xr)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var Ee=async e=>{let t=e.database;if(!t)return{kysely:null,databaseType:null};if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new Bt({dialect:t.dialect}),databaseType:t.type};let r,n=Ft(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new jt({database:t})),"getConnection"in t&&(r=new qt(t)),"connect"in t&&(r=new Nt({pool:t})),{kysely:r?new Bt({dialect:r}):null,databaseType:n}};var en=(e,t,r)=>{let n=$(t);function i(d,c){if(c==="id")return c;let l=n[d].fields[c];return l||console.log("Field not found",d,c),l.fieldName||c}function s(d,c,l){let{type:p="sqlite"}=r||{},m=n[c].fields[l];return m.type==="boolean"&&p==="sqlite"?d?1:0:m.type==="date"&&d&&d instanceof Date&&p==="sqlite"?d.toISOString():d}function a(d,c,l){let{type:p="sqlite"}=r||{},m=n[c].fields[l];return m.type==="boolean"&&p==="sqlite"&&d!==null?d===1:m.type==="date"&&d?new Date(d):d}function u(d){return n[d].modelName}let o=t?.advanced?.generateId===!1;return{transformInput(d,c,l){let p=o||l==="update"?{}:{id:d.id||(t.advanced?.generateId?t.advanced.generateId({model:c}):q())};for(let m in d){let f=n[c].fields[m];f&&(p[f.fieldName||m]=s(d[m],c,m))}return p},transformOutput(d,c,l=[]){if(!d)return null;let p=d.id?l.length===0||l.includes("id")?{id:d.id}:{}:{},m=n[c].fields;for(let f in m){if(l.length&&!l.includes(f))continue;let g=m[f];g&&(p[f]=a(d[g.fieldName||f],c,f))}return p},convertWhereClause(d,c){if(!c)return{and:null,or:null};let l={and:[],or:[]};return c.forEach(p=>{let{field:m,value:f,operator:g="=",connector:y="AND"}=p,h=i(d,m),w=b=>g.toLowerCase()==="in"?b(h,"in",Array.isArray(f)?f:[f]):g==="contains"?b(h,"like",`%${f}%`):g==="starts_with"?b(h,"like",`${f}%`):g==="ends_with"?b(h,"like",`%${f}`):g==="eq"?b(h,"=",f):g==="ne"?b(h,"<>",f):g==="gt"?b(h,">",f):g==="gte"?b(h,">=",f):g==="lt"?b(h,"<",f):g==="lte"?b(h,"<=",f):b(h,g,f);y==="OR"?l.or.push(w):l.and.push(w)}),{and:l.and.length?l.and:null,or:l.or.length?l.or:null}},async withReturning(d,c,l,p){let m;if(r?.type!=="mysql")m=await c.returningAll().executeTakeFirst();else{await c.execute();let f=d.id?"id":p[0].field?p[0].field:"id",g=d[f]||p[0].value;m=await e.selectFrom(u(l)).selectAll().where(i(l,f),"=",g).executeTakeFirst()}return m},getModelName:u,getField:i}},Vt=(e,t)=>r=>{let{transformInput:n,withReturning:i,transformOutput:s,convertWhereClause:a,getModelName:u,getField:o}=en(e,r,t);return{id:"kysely",async create(d){let{model:c,data:l,select:p}=d,m=n(l,c,"create"),f=e.insertInto(u(c)).values(m);return s(await i(m,f,c,[]),c,p)},async findOne(d){let{model:c,where:l,select:p}=d,{and:m,or:f}=a(c,l),g=e.selectFrom(u(c)).selectAll();m&&(g=g.where(h=>h.and(m.map(w=>w(h))))),f&&(g=g.where(h=>h.or(f.map(w=>w(h)))));let y=await g.executeTakeFirst();return y?s(y,c,p):null},async findMany(d){let{model:c,where:l,limit:p,offset:m,sortBy:f}=d,{and:g,or:y}=a(c,l),h=e.selectFrom(u(c));g&&(h=h.where(b=>b.and(g.map(U=>U(b))))),y&&(h=h.where(b=>b.or(y.map(U=>U(b))))),h=h.limit(p||100),m&&(h=h.offset(m)),f&&(h=h.orderBy(o(c,f.field),f.direction));let w=await h.selectAll().execute();return w?w.map(b=>s(b,c)):[]},async update(d){let{model:c,where:l,update:p}=d,{and:m,or:f}=a(c,l),g=n(p,c,"update"),y=e.updateTable(u(c)).set(g);return m&&(y=y.where(w=>w.and(m.map(b=>b(w))))),f&&(y=y.where(w=>w.or(f.map(b=>b(w))))),await s(await i(g,y,c,l),c)},async updateMany(d){let{model:c,where:l,update:p}=d,{and:m,or:f}=a(c,l),g=n(p,c,"update"),y=e.updateTable(u(c)).set(g);return m&&(y=y.where(w=>w.and(m.map(b=>b(w))))),f&&(y=y.where(w=>w.or(f.map(b=>b(w))))),(await y.execute()).length},async delete(d){let{model:c,where:l}=d,{and:p,or:m}=a(c,l),f=e.deleteFrom(u(c));p&&(f=f.where(g=>g.and(p.map(y=>y(g))))),m&&(f=f.where(g=>g.or(m.map(y=>y(g))))),await f.execute()},async deleteMany(d){let{model:c,where:l}=d,{and:p,or:m}=a(c,l),f=e.deleteFrom(u(c));return p&&(f=f.where(g=>g.and(p.map(y=>y(g))))),m&&(f=f.where(g=>g.or(m.map(y=>y(g))))),(await f.execute()).length},options:t}};var tn=e=>{let t=$(e);function r(n,i){return i==="id"?i:t[n].fields[i].fieldName||i}return{transformInput(n,i,s){let a=s==="update"?{}:{id:n.id||(e.advanced?.generateId?e.advanced.generateId({model:i}):q())};for(let u in n){let o=t[i].fields[u];o&&(a[o.fieldName||u]=n[u])}return a},transformOutput(n,i,s=[]){if(!n)return null;let a=n.id||n._id?s.length===0||s.includes("id")?{id:n.id}:{}:{},u=t[i].fields;for(let o in u){if(s.length&&!s.includes(o))continue;let d=u[o];d&&(a[o]=n[d.fieldName||o])}return a},convertWhereClause(n,i,s){return i.filter(a=>n.every(u=>{let{field:o,value:d,operator:c}=u,l=r(s,o);if(c==="in"){if(!Array.isArray(d))throw new Error("Value must be an array");return d.includes(a[l])}else return c==="contains"?a[l].includes(d):c==="starts_with"?a[l].startsWith(d):c==="ends_with"?a[l].endsWith(d):a[l]===d}))},getField:r}},$t=e=>t=>{let{transformInput:r,transformOutput:n,convertWhereClause:i,getField:s}=tn(t);return{id:"memory",create:async({model:a,data:u})=>{let o=r(u,a,"create");return e[a].push(o),n(o,a)},findOne:async({model:a,where:u,select:o})=>{let d=e[a],l=i(u,d,a)[0]||null;return n(l,a,o)},findMany:async({model:a,where:u,sortBy:o,limit:d,offset:c})=>{let l=e[a];return u&&(l=i(u,l,a)),o&&(l=l.sort((p,m)=>{let f=s(a,o.field);return o.direction==="asc"?p[f]>m[f]?1:-1:p[f]<m[f]?1:-1})),c!==void 0&&(l=l.slice(c)),d!==void 0&&(l=l.slice(0,d)),l.map(p=>n(p,a))},update:async({model:a,where:u,update:o})=>{let d=e[a],c=i(u,d,a);return c.forEach(l=>{Object.assign(l,r(o,a,"update"))}),n(c[0],a)},delete:async({model:a,where:u})=>{let o=e[a],d=i(u,o,a);e[a]=o.filter(c=>!d.includes(c))},deleteMany:async({model:a,where:u})=>{let o=e[a],d=i(u,o,a),c=0;return e[a]=o.filter(l=>d.includes(l)?(c++,!1):!d.includes(l)),c},updateMany(a){let{model:u,where:o,update:d}=a,c=e[u],l=i(o,c,u);return l.forEach(p=>{Object.assign(p,d)}),l[0]||null}}};async function zt(e){if(!e.database){let n=$(e),i=Object.keys(n).reduce((s,a)=>(s[a]=[],s),{});return E.warn("No database configuration provided. Using memory adapter in development"),$t(i)(e)}if(typeof e.database=="function")return e.database(e);let{kysely:t,databaseType:r}=await Ee(e);if(!t)throw new L("Failed to initialize database adapter");return Vt(t,{type:r||"sqlite"})(e)}var Ie="better-auth-secret-123456789";import{APIError as Mt}from"better-call";async function Ht(e,t){let n=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),i=n?.password;if(!n||!i)throw new Mt("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify(i,t.body.password))throw new Mt("BAD_REQUEST",{message:"Invalid password"});return!0}var Gt=async e=>{let t=await zt(e),r=e.plugins||[],n=on(e),i=ae(e.logger),s=Y(e.baseURL,e.basePath),a=e.secret||P.BETTER_AUTH_SECRET||P.AUTH_SECRET||Ie;a===Ie&&J&&i.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:s?new URL(s).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(n),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let u=Be(e),o=$(e),d=Object.keys(e.socialProviders||{}).map(m=>{let f=e.socialProviders?.[m];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&i.warn(`Social provider ${m} is missing clientId or clientSecret`),Ae[m](f))}).filter(m=>m!==null),c=({model:m,size:f})=>typeof e?.advanced?.generateId=="function"?e.advanced.generateId({model:m,size:f}):q(f),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:o,trustedOrigins:sn(e),baseURL:s||"",sessionConfig:{updateAge:e.session?.updateAge!==void 0?e.session.updateAge:24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7,freshAge:e.session?.freshAge||60*5},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??J,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:u,logger:i,generateId:c,session:null,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||_t,verify:e.emailAndPassword?.password?.verify||Ct,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:Ht},adapter:t,internalAdapter:Te(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[],generateId:c}),createAuthCookie:he(e)},{context:p}=nn(l);return p};function nn(e){let t=e.options,r=t.plugins||[],n=e,i=[];for(let s of r)if(s.init){let a=s.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=rn(t,a.options)),a.context&&(n={...n,...a.context}))}return i.push(t.databaseHooks),n.internalAdapter=Te(e.adapter,{options:t,hooks:i.filter(s=>s!==void 0),generateId:e.generateId}),n.options=t,{context:n}}function on(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function sn(e){let t=Y(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let n=P.BETTER_AUTH_TRUSTED_ORIGINS;return n&&r.push(...n.split(",")),r}var pc=e=>{let t=Gt(e),{api:r}=Ue(t,e);return{handler:async n=>{let i=await t,s=i.options.basePath||"/api/auth",a=new URL(n.url);if(!i.options.baseURL){let o=Y(void 0,s)||`${a.origin}${s}`;i.options.baseURL=o,i.baseURL=o}i.trustedOrigins=[...e.trustedOrigins||[],i.baseURL,a.origin];let{handler:u}=Pt(i,e);return u(n)},api:r,options:e,$context:t,$Infer:{}}};export{L as BetterAuthError,H as HIDE_METADATA,_e as MissingDependencyError,pc as betterAuth,Lo as capitalizeFirstLetter,he as createCookieGetter,ae as createLogger,N as deleteSessionCookie,q as generateId,se as generateState,Be as getCookies,we as levels,E as logger,In as parseCookies,An as parseSetCookieHeader,Ve as parseState,O as setSessionCookie,wr as shouldPublishLog};
+</html>`,xt=k("/error",{method:"GET",metadata:{...H,openapi:{description:"Displays an error page",responses:{200:{description:"Success",content:{"text/html":{schema:{type:"string"}}}}}}}},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(jr(t),{headers:{"Content-Type":"text/html"}})});var vt=k("/ok",{method:"GET",metadata:{...H,openapi:{description:"Check if the API is working",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{ok:{type:"boolean"}}}}}}}}}},async e=>e.json({ok:!0}));import{z as K}from"zod";import{APIError as F}from"better-call";var Rt=()=>k("/sign-up/email",{method:"POST",query:K.object({currentURL:K.string().optional()}).optional(),body:K.record(K.string(),K.any()),metadata:{openapi:{description:"Sign up a user using email and password",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},email:{type:"string",description:"The email of the user"},password:{type:"string",description:"The password of the user"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["name","email","password"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},session:{type:"object"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new F("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:n,password:s,image:i,callbackURL:a,...u}=t;if(!K.string().email().safeParse(n).success)throw new F("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(s.length<d)throw e.context.logger.error("Password is too short"),new F("BAD_REQUEST",{message:"Password is too short"});let c=e.context.password.config.maxPasswordLength;if(s.length>c)throw e.context.logger.error("Password is too long"),new F("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(n))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${n}`),new F("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let p=fe(e.context.options,u),m;try{if(m=await e.context.internalAdapter.createUser({email:n.toLowerCase(),name:r,image:i,...p,emailVerified:!1}),!m)throw new F("BAD_REQUEST",{message:"Failed to create user"})}catch(y){throw e.context.logger.error("Failed to create user",y),new F("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:y})}if(!m)throw new F("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let f=await e.context.password.hash(s);if(await e.context.internalAdapter.linkAccount({userId:m.id,providerId:"credential",accountId:m.id,password:f}),e.context.options.emailVerification?.sendOnSignUp){let y=await V(e.context.secret,m.email),h=`${e.context.baseURL}/verify-email?token=${y}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:m,url:h,token:y},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:m,session:null});let g=await e.context.internalAdapter.createSession(m.id,e.request);if(!g)throw new F("BAD_REQUEST",{message:"Failed to create session"});return await O(e,{session:g,user:m}),e.json({user:m,session:g})});import{z as ne}from"zod";import{APIError as Ut}from"better-call";var Tt=k("/list-accounts",{method:"GET",use:[_],metadata:{openapi:{description:"List all accounts linked to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{id:{type:"string"},provider:{type:"string"}}}}}}}}}}},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(n=>({id:n.id,provider:n.providerId})))}),Et=k("/link-social",{method:"POST",requireHeaders:!0,query:ne.object({currentURL:ne.string().optional()}).optional(),body:ne.object({callbackURL:ne.string({description:"The URL to redirect to after the user has signed in"}).optional(),provider:ne.enum(ce,{description:"The OAuth2 provider to use"})}),use:[_],metadata:{openapi:{description:"Link a social account to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{url:{type:"string"},redirect:{type:"boolean"}},required:["url","redirect"]}}}}}}}},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(u=>u.providerId===e.body.provider))throw new Ut("BAD_REQUEST",{message:"Social Account is already linked."});let s=e.context.socialProviders.find(u=>u.id===e.body.provider);if(!s)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new Ut("NOT_FOUND",{message:"Provider not found"});let i=await ae(e,{userId:t.user.id,email:t.user.email}),a=await s.createAuthorizationURL({state:i.state,codeVerifier:i.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${s.id}`});return e.json({url:a.toString(),redirect:!0})});function me(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(De)return r;let s=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],i=e instanceof Request?e.headers:e;for(let a of s){let u=i.get(a);if(typeof u=="string"){let o=u.split(",")[0].trim();if(o)return o}}return null}function Vr(e,t,r){let n=Date.now(),s=t*1e3;return n-r.lastRequest<s&&r.count>=e}function Fr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function $r(e,t){let r=Date.now(),n=t*1e3;return Math.ceil((e+n-r)/1e3)}function zr(e,t){let r="rateLimit",n=e.adapter;return{get:async s=>await n.findOne({model:r,where:[{field:"key",value:s}]}),set:async(s,i,a)=>{try{a?await n.update({model:t??"rateLimit",where:[{field:"key",value:s}],update:{count:i.count,lastRequest:i.lastRequest}}):await n.create({model:t??"rateLimit",data:{key:s,count:i.count,lastRequest:i.lastRequest}})}catch(u){e.logger.error("Error setting rate limit",u)}}}}var It=new Map;function Mr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let n=await e.options.secondaryStorage?.get(r);return n?JSON.parse(n):void 0},set:async(r,n)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(n))}}:e.rateLimit.storage==="memory"?{async get(r){return It.get(r)},async set(r,n,s){It.set(r,n)}}:zr(e,e.rateLimit.modelName)}async function Ot(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,n=e.url.replace(r,""),s=t.rateLimit.window,i=t.rateLimit.max,a=me(e,t.options)+n,o=Hr().find(p=>p.pathMatcher(n));o&&(s=o.window,i=o.max);for(let p of t.options.plugins||[])if(p.rateLimit){let m=p.rateLimit.find(f=>f.pathMatcher(n));if(m){s=m.window,i=m.max;break}}if(t.rateLimit.customRules){let p=t.rateLimit.customRules[n];p&&(s=p.window,i=p.max)}let d=Mr(t),c=await d.get(a),l=Date.now();if(!c)await d.set(a,{key:a,count:1,lastRequest:l});else{let p=l-c.lastRequest;if(Vr(i,s,c)){let m=$r(c.lastRequest,s);return Fr(m)}else p>s*1e3?await d.set(a,{...c,count:1,lastRequest:l}):await d.set(a,{...c,count:c.count+1,lastRequest:l})}}function Hr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}import{APIError as za}from"better-call";function Ue(e,t){let r=t.plugins?.reduce((u,o)=>({...u,...o.endpoints}),{}),n=t.plugins?.map(u=>u.middlewares?.map(o=>{let d=async c=>o.middleware({...c,context:{...e,...c.context}});return d.path=o.path,d.options=o.middleware.options,d.headers=o.middleware.headers,{path:o.path,middleware:d}})).filter(u=>u!==void 0).flat()||[],i={...{signInSocial:dt,callbackOAuth:ut,getSession:ke(),signOut:lt,signUpEmail:Rt(),signInEmail:ct,forgetPassword:ft,resetPassword:gt,verifyEmail:at,sendVerificationEmail:st,changeEmail:kt,changePassword:wt,setPassword:bt,updateUser:yt(),deleteUser:At,forgetPasswordCallback:mt,listSessions:rt(),revokeSession:nt,revokeSessions:ot,revokeOtherSessions:it,linkSocialAccount:Et,listUserAccounts:Tt},...r,ok:vt,error:xt},a={};for(let[u,o]of Object.entries(i))a[u]=async(d={})=>{o.headers=new Headers;let c={setHeader(y,h){o.headers.set(y,h)},setCookie(y,h,w){Qr(o.headers,y,h,w)},getCookie(y,h){let b=d.headers?.get("cookie");return Kr(b||"",y,h)},getSignedCookie(y,h,w){let b=d.headers;return b?Wr(b,h,y,w):null},async setSignedCookie(y,h,w,b){await Zr(o.headers,y,h,w,b)},redirect(y){return o.headers.set("Location",y),new M("FOUND")},responseHeader:o.headers},l=await e,p={...c,...d,path:o.path,context:{...l,...d.context,endpoint:o}};l.session=null;let m=t.plugins||[];for(let y of m){let h=y.hooks?.before??[];for(let w of h){if(!w.matcher(p))continue;let b=await w.handler(p);if(b&&"context"in b){p={...p,...b.context};continue}if(b)return b}}let f;try{f=await o(p)}catch(y){if(y instanceof M){let h=t.plugins?.map(w=>{if(w.hooks?.after)return w.hooks.after}).filter(w=>w!==void 0).flat();if(!h?.length)throw y.headers=o.headers,y;p.context.returned=y,p.context.returned.headers=o.headers;for(let w of h||[])if(w.matcher(p))try{let U=await w.handler(p);U&&"response"in U&&(p.context.returned=U.response)}catch(U){if(U instanceof M){p.context.returned=U;continue}throw U}if(p.context.returned instanceof M)throw p.context.returned.headers=o.headers,p.context.returned;return p.context.returned}throw y}p.context.returned=f,p.responseHeader=o.headers;for(let y of t.plugins||[])if(y.hooks?.after){for(let h of y.hooks.after)if(h.matcher(p))try{let b=await h.handler(p);b&&(p.context.returned=b)}catch(b){if(b instanceof M){p.context.returned=b;continue}throw b}}let g=p.context.returned;return g instanceof Response&&o.headers.forEach((y,h)=>{h==="set-cookie"?g.headers.append(h,y):g.headers.set(h,y)}),g},a[u].path=o.path,a[u].method=o.method,a[u].options=o.options,a[u].headers=o.headers;return{api:a,middlewares:n}}var St=(e,t)=>{let{api:r,middlewares:n}=Ue(e,t),s=new URL(e.baseURL).pathname;return Gr(r,{extraContext:e,basePath:s,routerMiddleware:[{path:"/**",middleware:Pe},...n],async onRequest(i){for(let a of e.options.plugins||[])if(a.onRequest){let u=await a.onRequest(i,e);if(u&&"response"in u)return u.response}return Ot(i,e)},async onResponse(i){for(let a of e.options.plugins||[])if(a.onResponse){let u=await a.onResponse(i,e);if(u)return u.response}return i},onError(i){if(i instanceof M&&i.status==="FOUND")return;if(t.onAPIError?.throw)throw i;if(t.onAPIError?.onError){t.onAPIError.onError(i,e);return}let a=t.logger?.level,u=a==="error"||a==="warn"||a==="debug"?E:void 0;if(t.logger?.disabled!==!0){if(i&&typeof i=="object"&&"message"in i&&typeof i.message=="string"&&(i.message.includes("no column")||i.message.includes("column")||i.message.includes("relation")||i.message.includes("table")||i.message.includes("does not exist"))){e.logger?.error(i.message),e.logger?.error("If you are seeing this error, it is likely that you need to run the migrations for the database or you need to update your database schema. If you recently updated the package, make sure to run the migrations.");return}i instanceof M?(i.status==="INTERNAL_SERVER_ERROR"&&e.logger.error(i.status,i),u?.error(i.message)):e.logger?.error(i&&typeof i=="object"&&"name"in i?i.name:"",i)}}})};import{defu as nn}from"defu";import{decodeHex as Jr,encodeHex as Pt}from"oslo/encoding";import{scryptAsync as Yr}from"@noble/hashes/scrypt";import{getRandomValues as Xr}from"uncrypto";var W={N:16384,r:16,p:1,dkLen:64};async function Lt(e,t){return await Yr(e.normalize("NFKC"),t,{N:W.N,p:W.p,r:W.r,dkLen:W.dkLen,maxmem:128*W.N*W.r*2})}var _t=async e=>{let t=Pt(Xr(new Uint8Array(16))),r=await Lt(e,t);return`${t}:${Pt(r)}`},Ct=async(e,t)=>{let[r,n]=e.split(":"),s=await Lt(t,r);return ge(s,Jr(n))};function Dt(e,t){let r=t.hooks;async function n(a,u,o){let d=a;for(let p of r||[]){let m=p[u]?.create?.before;if(m){let f=await m(a);if(f===!1)return null;typeof f=="object"&&"data"in f&&(d=f.data)}}let c=o?await o.fn(d):null,l=!o||o.executeMainFn?await e.create({model:u,data:d}):c;for(let p of r||[]){let m=p[u]?.create?.after;m&&await m(l)}return l}async function s(a,u,o,d){let c=a;for(let m of r||[]){let f=m[o]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;c=typeof g=="object"?g.data:g}}let l=d?await d.fn(c):null,p=!d||d.executeMainFn?await e.update({model:o,update:c,where:u}):l;for(let m of r||[]){let f=m[o]?.update?.after;f&&await f(p)}return p}async function i(a,u,o,d){let c=a;for(let m of r||[]){let f=m[o]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;c=typeof g=="object"?g.data:g}}let l=d?await d.fn(c):null,p=!d||d.executeMainFn?await e.updateMany({model:o,update:c,where:u}):l;for(let m of r||[]){let f=m[o]?.update?.after;f&&await f(p)}return p}return{createWithHooks:n,updateWithHooks:s,updateManyWithHooks:i}}var Te=(e,t)=>{let r=t.options,n=r.secondaryStorage,s=r.session?.expiresIn||60*60*24*7,{createWithHooks:i,updateWithHooks:a,updateManyWithHooks:u}=Dt(e,t);return{createOAuthUser:async(o,d)=>{try{let c=await i({createdAt:new Date,updatedAt:new Date,...o},"user"),l=await i({...d,userId:c.id||o.id,createdAt:new Date,updatedAt:new Date},"account");return{user:c,account:l}}catch(c){return console.log(c),null}},createUser:async o=>await i({createdAt:new Date,updatedAt:new Date,emailVerified:!1,...o},"user"),createAccount:async o=>await i({createdAt:new Date,updatedAt:new Date,...o},"account"),listSessions:async o=>{if(n){let c=await n.get(`active-sessions-${o}`);if(!c)return[];let l=G(c)||[],p=Date.now(),m=l.filter(g=>g.expiresAt>p),f=[];for(let g of m){let y=await n.get(g.token);if(y){let h=JSON.parse(y),w=pe(t.options,{...h.session,expiresAt:new Date(h.session.expiresAt)});f.push(w)}}return f}return await e.findMany({model:"session",where:[{field:"userId",value:o}]})},listUsers:async(o,d,c,l)=>await e.findMany({model:"user",limit:o,offset:d,sortBy:c,where:l}),deleteUser:async o=>{await e.deleteMany({model:"session",where:[{field:"userId",value:o}]}),await e.deleteMany({model:"account",where:[{field:"userId",value:o}]}),await e.delete({model:"user",where:[{field:"id",value:o}]})},createSession:async(o,d,c,l)=>{let p=d instanceof Request?d.headers:d,{id:m,...f}=l||{},g={ipAddress:d&&me(d,t.options)||"",userAgent:p?.get("user-agent")||"",...f,expiresAt:c?D(60*60*24,"sec"):D(s,"sec"),userId:o,token:q(32),createdAt:new Date,updatedAt:new Date};return await i(g,"session",n?{fn:async()=>{let h=await e.findOne({model:"user",where:[{field:"id",value:o}]});n.set(g.token,JSON.stringify({session:g,user:h}),s);let w=await n.get(`active-sessions-${o}`),b=[],U=Date.now();return w&&(b=G(w)||[],b=b.filter(Kt=>Kt.expiresAt>U)),b.push({token:g.token,expiresAt:U+s*1e3}),await n.set(`active-sessions-${o}`,JSON.stringify(b),s),g},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async o=>{if(n){let p=await n.get(o);if(p){let m=JSON.parse(p),f=pe(t.options,{...m.session,expiresAt:new Date(m.session.expiresAt),createdAt:new Date(m.session.createdAt),updatedAt:new Date(m.session.updatedAt)}),g=Re(t.options,{...m.user,createdAt:new Date(m.user.createdAt),updatedAt:new Date(m.user.updatedAt)});return{session:f,user:g}}}let d=await e.findOne({model:"session",where:[{value:o,field:"token"}]});if(!d)return null;let c=await e.findOne({model:"user",where:[{value:d.userId,field:"id"}]});if(!c)return null;let l=Re(t.options,c);return{session:pe(t.options,d),user:l}},findSessions:async o=>{if(n){let p=[];for(let m of o){let f=await n.get(m);if(f){let g=JSON.parse(f),y={session:{...g.session,expiresAt:new Date(g.session.expiresAt)},user:{...g.user,createdAt:new Date(g.user.createdAt),updatedAt:new Date(g.user.updatedAt)}};p.push(y)}}return p}let d=await e.findMany({model:"session",where:[{field:"token",value:o,operator:"in"}]}),c=d.map(p=>p.userId);if(!c.length)return[];let l=await e.findMany({model:"user",where:[{field:"id",value:c,operator:"in"}]});return d.map(p=>{let m=l.find(f=>f.id===p.userId);return m?{session:p,user:m}:null})},updateSession:async(o,d)=>await a(d,[{field:"token",value:o}],"session",n?{async fn(l){let p=await n.get(o),m=null;if(p){let f=JSON.parse(p);return m={...f.session,...l},await n.set(o,JSON.stringify({session:m,user:f.user}),f.session.expiresAt?Math.floor((f.session.expiresAt.getTime()-Date.now())/1e3):s),m}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async o=>{if(n){await n.delete(o),r.session?.storeSessionInDatabase&&await e.delete({model:"session",where:[{field:"token",value:o}]});return}await e.delete({model:"session",where:[{field:"token",value:o}]})},deleteSessions:async o=>{if(n){if(typeof o=="string"){let d=await n.get(`active-sessions-${o}`),c=d?G(d):[];if(!c)return;for(let l of c)await n.delete(l.token)}else for(let d of o)await n.get(d)&&await n.delete(d);r.session?.storeSessionInDatabase&&await e.deleteMany({model:"session",where:[{field:Array.isArray(o)?"token":"userId",value:o,operator:Array.isArray(o)?"in":void 0}]});return}await e.deleteMany({model:"session",where:[{field:Array.isArray(o)?"token":"userId",value:o,operator:Array.isArray(o)?"in":void 0}]})},findUserByEmail:async(o,d)=>{let c=await e.findOne({model:"user",where:[{value:o.toLowerCase(),field:"email"}]});if(!c)return null;if(d?.includeAccounts){let l=await e.findMany({model:"account",where:[{value:c.id,field:"userId"}]});return{user:c,accounts:l}}return{user:c,accounts:[]}},findUserById:async o=>await e.findOne({model:"user",where:[{field:"id",value:o}]}),linkAccount:async o=>await i({...o,createdAt:new Date,updatedAt:new Date},"account"),updateUser:async(o,d)=>await a(d,[{field:"id",value:o}],"user"),updateUserByEmail:async(o,d)=>await a(d,[{field:"email",value:o}],"user"),updatePassword:async(o,d)=>{await u({password:d},[{field:"userId",value:o},{field:"providerId",value:"credential"}],"account")},findAccounts:async o=>await e.findMany({model:"account",where:[{field:"userId",value:o}]}),findAccount:async o=>await e.findOne({model:"account",where:[{field:"accountId",value:o}]}),findAccountByUserId:async o=>await e.findMany({model:"account",where:[{field:"userId",value:o}]}),updateAccount:async(o,d)=>await a(d,[{field:"id",value:o}],"account"),createVerificationValue:async o=>await i({createdAt:new Date,updatedAt:new Date,...o},"verification"),findVerificationValue:async o=>(await e.findMany({model:"verification",where:[{field:"identifier",value:o}],sortBy:{field:"createdAt",direction:"desc"},limit:10}))[0],deleteVerificationValue:async o=>{await e.delete({model:"verification",where:[{field:"id",value:o}]})},deleteVerificationByIdentifier:async o=>{await e.delete({model:"verification",where:[{field:"identifier",value:o}]})},updateVerificationValue:async(o,d)=>await a(d,[{field:"id",value:o}],"verification")}};var $=e=>{let t=e.plugins?.reduce((o,d)=>{let c=d.schema;if(!c)return o;for(let[l,p]of Object.entries(c))o[l]={fields:{...o[l]?.fields,...p.fields},modelName:p.modelName||l};return o},{}),r=e.rateLimit?.storage==="database",n={rateLimit:{modelName:e.rateLimit?.modelName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:s,session:i,account:a,...u}=t||{};return{user:{modelName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...s?.fields,...e.user?.additionalFields},order:1},session:{modelName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},token:{type:"string",required:!0,fieldName:e.session?.fields?.token||"token",unique:!0},createdAt:{type:"date",required:!0,fieldName:e.session?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.session?.fields?.updatedAt||"updatedAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...i?.fields,...e.session?.additionalFields},order:2},account:{modelName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},accessTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"accessTokenExpiresAt"},refreshTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"refreshTokenExpiresAt"},scope:{type:"string",required:!1,fieldName:e.account?.fields?.scope||"scope"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},createdAt:{type:"date",required:!0,fieldName:e.account?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.account?.fields?.updatedAt||"updatedAt"},...a?.fields},order:3},verification:{modelName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"},createdAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.updatedAt||"updatedAt"}},order:4},...u,...r?n:{}}};import{z as sd}from"zod";import{Kysely as Bt,MssqlDialect as en}from"kysely";import{MysqlDialect as qt,PostgresDialect as Nt,SqliteDialect as jt}from"kysely";function Vt(e){if(!e)return null;if("dialect"in e)return Vt(e.dialect);if("createDriver"in e){if(e instanceof jt)return"sqlite";if(e instanceof qt)return"mysql";if(e instanceof Nt)return"postgres";if(e instanceof en)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var Ee=async e=>{let t=e.database;if(!t)return{kysely:null,databaseType:null};if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new Bt({dialect:t.dialect}),databaseType:t.type};let r,n=Vt(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new jt({database:t})),"getConnection"in t&&(r=new qt(t)),"connect"in t&&(r=new Nt({pool:t})),{kysely:r?new Bt({dialect:r}):null,databaseType:n}};var tn=(e,t,r)=>{let n=$(t);function s(d,c){if(c==="id")return c;let l=n[d].fields[c];return l||console.log("Field not found",d,c),l.fieldName||c}function i(d,c,l){let{type:p="sqlite"}=r||{},m=n[c].fields[l];return m.type==="boolean"&&p==="sqlite"?d?1:0:m.type==="date"&&d&&d instanceof Date&&p==="sqlite"?d.toISOString():d}function a(d,c,l){let{type:p="sqlite"}=r||{},m=n[c].fields[l];return m.type==="boolean"&&p==="sqlite"&&d!==null?d===1:m.type==="date"&&d?new Date(d):d}function u(d){return n[d].modelName}let o=t?.advanced?.generateId===!1;return{transformInput(d,c,l){let p=o||l==="update"?{}:{id:d.id||(t.advanced?.generateId?t.advanced.generateId({model:c}):q())};for(let m in d){let f=n[c].fields[m];f&&(p[f.fieldName||m]=i(d[m],c,m))}return p},transformOutput(d,c,l=[]){if(!d)return null;let p=d.id?l.length===0||l.includes("id")?{id:d.id}:{}:{},m=n[c].fields;for(let f in m){if(l.length&&!l.includes(f))continue;let g=m[f];g&&(p[f]=a(d[g.fieldName||f],c,f))}return p},convertWhereClause(d,c){if(!c)return{and:null,or:null};let l={and:[],or:[]};return c.forEach(p=>{let{field:m,value:f,operator:g="=",connector:y="AND"}=p,h=s(d,m),w=b=>g.toLowerCase()==="in"?b(h,"in",Array.isArray(f)?f:[f]):g==="contains"?b(h,"like",`%${f}%`):g==="starts_with"?b(h,"like",`${f}%`):g==="ends_with"?b(h,"like",`%${f}`):g==="eq"?b(h,"=",f):g==="ne"?b(h,"<>",f):g==="gt"?b(h,">",f):g==="gte"?b(h,">=",f):g==="lt"?b(h,"<",f):g==="lte"?b(h,"<=",f):b(h,g,f);y==="OR"?l.or.push(w):l.and.push(w)}),{and:l.and.length?l.and:null,or:l.or.length?l.or:null}},async withReturning(d,c,l,p){let m;if(r?.type!=="mysql")m=await c.returningAll().executeTakeFirst();else{await c.execute();let f=d.id?"id":p[0].field?p[0].field:"id",g=d[f]||p[0].value;m=await e.selectFrom(u(l)).selectAll().where(s(l,f),"=",g).executeTakeFirst()}return m},getModelName:u,getField:s}},Ft=(e,t)=>r=>{let{transformInput:n,withReturning:s,transformOutput:i,convertWhereClause:a,getModelName:u,getField:o}=tn(e,r,t);return{id:"kysely",async create(d){let{model:c,data:l,select:p}=d,m=n(l,c,"create"),f=e.insertInto(u(c)).values(m);return i(await s(m,f,c,[]),c,p)},async findOne(d){let{model:c,where:l,select:p}=d,{and:m,or:f}=a(c,l),g=e.selectFrom(u(c)).selectAll();m&&(g=g.where(h=>h.and(m.map(w=>w(h))))),f&&(g=g.where(h=>h.or(f.map(w=>w(h)))));let y=await g.executeTakeFirst();return y?i(y,c,p):null},async findMany(d){let{model:c,where:l,limit:p,offset:m,sortBy:f}=d,{and:g,or:y}=a(c,l),h=e.selectFrom(u(c));g&&(h=h.where(b=>b.and(g.map(U=>U(b))))),y&&(h=h.where(b=>b.or(y.map(U=>U(b))))),h=h.limit(p||100),m&&(h=h.offset(m)),f&&(h=h.orderBy(o(c,f.field),f.direction));let w=await h.selectAll().execute();return w?w.map(b=>i(b,c)):[]},async update(d){let{model:c,where:l,update:p}=d,{and:m,or:f}=a(c,l),g=n(p,c,"update"),y=e.updateTable(u(c)).set(g);return m&&(y=y.where(w=>w.and(m.map(b=>b(w))))),f&&(y=y.where(w=>w.or(f.map(b=>b(w))))),await i(await s(g,y,c,l),c)},async updateMany(d){let{model:c,where:l,update:p}=d,{and:m,or:f}=a(c,l),g=n(p,c,"update"),y=e.updateTable(u(c)).set(g);return m&&(y=y.where(w=>w.and(m.map(b=>b(w))))),f&&(y=y.where(w=>w.or(f.map(b=>b(w))))),(await y.execute()).length},async delete(d){let{model:c,where:l}=d,{and:p,or:m}=a(c,l),f=e.deleteFrom(u(c));p&&(f=f.where(g=>g.and(p.map(y=>y(g))))),m&&(f=f.where(g=>g.or(m.map(y=>y(g))))),await f.execute()},async deleteMany(d){let{model:c,where:l}=d,{and:p,or:m}=a(c,l),f=e.deleteFrom(u(c));return p&&(f=f.where(g=>g.and(p.map(y=>y(g))))),m&&(f=f.where(g=>g.or(m.map(y=>y(g))))),(await f.execute()).length},options:t}};var rn=e=>{let t=$(e);function r(n,s){return s==="id"?s:t[n].fields[s].fieldName||s}return{transformInput(n,s,i){let a=i==="update"?{}:{id:n.id||(e.advanced?.generateId?e.advanced.generateId({model:s}):q())};for(let u in n){let o=t[s].fields[u];o&&(a[o.fieldName||u]=n[u])}return a},transformOutput(n,s,i=[]){if(!n)return null;let a=n.id||n._id?i.length===0||i.includes("id")?{id:n.id}:{}:{},u=t[s].fields;for(let o in u){if(i.length&&!i.includes(o))continue;let d=u[o];d&&(a[o]=n[d.fieldName||o])}return a},convertWhereClause(n,s,i){return s.filter(a=>n.every(u=>{let{field:o,value:d,operator:c}=u,l=r(i,o);if(c==="in"){if(!Array.isArray(d))throw new Error("Value must be an array");return d.includes(a[l])}else return c==="contains"?a[l].includes(d):c==="starts_with"?a[l].startsWith(d):c==="ends_with"?a[l].endsWith(d):a[l]===d}))},getField:r}},$t=e=>t=>{let{transformInput:r,transformOutput:n,convertWhereClause:s,getField:i}=rn(t);return{id:"memory",create:async({model:a,data:u})=>{let o=r(u,a,"create");return e[a].push(o),n(o,a)},findOne:async({model:a,where:u,select:o})=>{let d=e[a],l=s(u,d,a)[0]||null;return n(l,a,o)},findMany:async({model:a,where:u,sortBy:o,limit:d,offset:c})=>{let l=e[a];return u&&(l=s(u,l,a)),o&&(l=l.sort((p,m)=>{let f=i(a,o.field);return o.direction==="asc"?p[f]>m[f]?1:-1:p[f]<m[f]?1:-1})),c!==void 0&&(l=l.slice(c)),d!==void 0&&(l=l.slice(0,d)),l.map(p=>n(p,a))},update:async({model:a,where:u,update:o})=>{let d=e[a],c=s(u,d,a);return c.forEach(l=>{Object.assign(l,r(o,a,"update"))}),n(c[0],a)},delete:async({model:a,where:u})=>{let o=e[a],d=s(u,o,a);e[a]=o.filter(c=>!d.includes(c))},deleteMany:async({model:a,where:u})=>{let o=e[a],d=s(u,o,a),c=0;return e[a]=o.filter(l=>d.includes(l)?(c++,!1):!d.includes(l)),c},updateMany(a){let{model:u,where:o,update:d}=a,c=e[u],l=s(o,c,u);return l.forEach(p=>{Object.assign(p,d)}),l[0]||null}}};async function zt(e){if(!e.database){let n=$(e),s=Object.keys(n).reduce((i,a)=>(i[a]=[],i),{});return E.warn("No database configuration provided. Using memory adapter in development"),$t(s)(e)}if(typeof e.database=="function")return e.database(e);let{kysely:t,databaseType:r}=await Ee(e);if(!t)throw new L("Failed to initialize database adapter");return Ft(t,{type:r||"sqlite"})(e)}var Ie="better-auth-secret-123456789";import{APIError as Mt}from"better-call";async function Ht(e,t){let n=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),s=n?.password;if(!n||!s)throw new Mt("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify(s,t.body.password))throw new Mt("BAD_REQUEST",{message:"Invalid password"});return!0}var Gt=async e=>{let t=await zt(e),r=e.plugins||[],n=sn(e),s=de(e.logger),i=Y(e.baseURL,e.basePath),a=e.secret||S.BETTER_AUTH_SECRET||S.AUTH_SECRET||Ie;a===Ie&&J&&s.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:i?new URL(i).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(n),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let u=Be(e),o=$(e),d=Object.keys(e.socialProviders||{}).map(m=>{let f=e.socialProviders?.[m];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&s.warn(`Social provider ${m} is missing clientId or clientSecret`),Ae[m](f))}).filter(m=>m!==null),c=({model:m,size:f})=>typeof e?.advanced?.generateId=="function"?e.advanced.generateId({model:m,size:f}):q(f),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:o,trustedOrigins:an(e),baseURL:i||"",sessionConfig:{updateAge:e.session?.updateAge!==void 0?e.session.updateAge:24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7,freshAge:e.session?.freshAge||60*5},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??J,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:u,logger:s,generateId:c,session:null,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||_t,verify:e.emailAndPassword?.password?.verify||Ct,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:Ht},adapter:t,internalAdapter:Te(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[],generateId:c}),createAuthCookie:he(e)},{context:p}=on(l);return p};function on(e){let t=e.options,r=t.plugins||[],n=e,s=[];for(let i of r)if(i.init){let a=i.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&s.push(a.options.databaseHooks),t=nn(t,a.options)),a.context&&(n={...n,...a.context}))}return s.push(t.databaseHooks),n.internalAdapter=Te(e.adapter,{options:t,hooks:s.filter(i=>i!==void 0),generateId:e.generateId}),n.options=t,{context:n}}function sn(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function an(e){let t=Y(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let n=S.BETTER_AUTH_TRUSTED_ORIGINS;return n&&r.push(...n.split(",")),r}var fc=e=>{let t=Gt(e),{api:r}=Ue(t,e);return{handler:async n=>{let s=await t,i=s.options.basePath||"/api/auth",a=new URL(n.url);if(!s.options.baseURL){let o=Y(void 0,i)||`${a.origin}${i}`;s.options.baseURL=o,s.baseURL=o}s.trustedOrigins=[...e.trustedOrigins||[],s.baseURL,a.origin];let{handler:u}=St(s,e);return u(n)},api:r,options:e,$context:t,$Infer:{}}};export{L as BetterAuthError,H as HIDE_METADATA,_e as MissingDependencyError,fc as betterAuth,_o as capitalizeFirstLetter,he as createCookieGetter,de as createLogger,N as deleteSessionCookie,q as generateId,ae as generateState,Be as getCookies,we as levels,E as logger,On as parseCookies,kn as parseSetCookieHeader,Fe as parseState,O as setSessionCookie,wr as shouldPublishLog};

package/dist/next-js.d.cts

@@ -1,5 +1,5 @@
 import * as better_call from 'better-call';
-import { H as HookEndpointContext } from './auth-BVa3db5J.cjs';
+import { H as HookEndpointContext } from './auth-BubrmklB.cjs';
 import 'kysely';
 import 'zod';
 import './helper-DxMBi7M2.cjs';

package/dist/next-js.d.ts

@@ -1,5 +1,5 @@
 import * as better_call from 'better-call';
-import { H as HookEndpointContext } from './auth-5eyWphKM.js';
+import { H as HookEndpointContext } from './auth-DF-f5DGM.js';
 import 'kysely';
 import 'zod';
 import './helper-DxMBi7M2.js';

package/dist/node.d.cts

@@ -1,6 +1,6 @@
 import * as http from 'http';
 import { IncomingHttpHeaders } from 'http';
-import { A as Auth } from './auth-BVa3db5J.cjs';
+import { A as Auth } from './auth-BubrmklB.cjs';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/node.d.ts

@@ -1,6 +1,6 @@
 import * as http from 'http';
 import { IncomingHttpHeaders } from 'http';
-import { A as Auth } from './auth-5eyWphKM.js';
+import { A as Auth } from './auth-DF-f5DGM.js';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/oauth2.d.cts

@@ -1,10 +1,10 @@
 import { P as ProviderOptions, O as OAuth2Tokens } from './index-PzUmElyX.cjs';
 export { a as OAuthProvider } from './index-PzUmElyX.cjs';
-export { g as generateState, p as parseState } from './state-CYO8U5dl.cjs';
+export { g as generateState, p as parseState } from './state-CQJXHclh.cjs';
 import './helper-DxMBi7M2.cjs';
 import 'zod';
 import 'jose';
-import './auth-BVa3db5J.cjs';
+import './auth-BubrmklB.cjs';
 import 'kysely';
 import 'better-call';
 import 'better-sqlite3';

package/dist/oauth2.d.ts

@@ -1,10 +1,10 @@
 import { P as ProviderOptions, O as OAuth2Tokens } from './index-CS8-YiCU.js';
 export { a as OAuthProvider } from './index-CS8-YiCU.js';
-export { g as generateState, p as parseState } from './state-BpBNrIEi.js';
+export { g as generateState, p as parseState } from './state-C_runTlH.js';
 import './helper-DxMBi7M2.js';
 import 'zod';
 import 'jose';
-import './auth-5eyWphKM.js';
+import './auth-DF-f5DGM.js';
 import 'kysely';
 import 'better-call';
 import 'better-sqlite3';