better-auth 1.0.21 → 1.0.22-beta.2

package/dist/index.js

@@ -1,5 +1,5 @@
 import{APIError as K,createRouter as hn,getCookie as yn,getSignedCookie as wn,setCookie as An,setSignedCookie as bn}from"better-call";import{APIError as mr}from"better-call";import{createEndpointCreator as dr,createMiddleware as Ne,createMiddlewareCreator as cr}from"better-call";var Be=Ne(async()=>({})),X=cr({use:[Be,Ne(async()=>({}))]}),T=dr({use:[Be]});function ke(e){return e==="-"||e==="^"||e==="$"||e==="+"||e==="."||e==="("||e===")"||e==="|"||e==="["||e==="]"||e==="{"||e==="}"||e==="*"||e==="?"||e==="\\"?`\\${e}`:e}function ur(e){let t="";for(let r=0;r<e.length;r++)t+=ke(e[r]);return t}function Ve(e,t=!0){if(Array.isArray(e))return`(?:${e.map(d=>`^${Ve(d,t)}$`).join("|")})`;let r="",n="",i=".";t===!0?(r="/",n="[/\\\\]",i="[^/\\\\]"):t&&(r=t,n=ur(r),n.length>1?(n=`(?:${n})`,i=`((?!${n}).)`):i=`[^${n}]`);let o=t?`${n}+?`:"",a=t?`${n}*?`:"",l=t?e.split(r):[e],c="";for(let s=0;s<l.length;s++){let d=l[s],p=l[s+1],m="";if(!(!d&&s>0)){if(t&&(s===l.length-1?m=a:p!=="**"?m=o:m=""),t&&d==="**"){m&&(c+=s===0?"":m,c+=`(?:${i}*?${m})*?`);continue}for(let u=0;u<d.length;u++){let f=d[u];f==="\\"?u<d.length-1&&(c+=ke(d[u+1]),u++):f==="?"?c+=i:f==="*"?c+=`${i}*?`:c+=ke(f)}c+=m}}return c}function lr(e,t){if(typeof t!="string")throw new TypeError(`Sample must be a string, but ${typeof t} given`);return e.test(t)}function ae(e,t){if(typeof e!="string"&&!Array.isArray(e))throw new TypeError(`The first argument must be a single pattern string or an array of patterns, but ${typeof e} given`);if((typeof t=="string"||typeof t=="boolean")&&(t={separator:t}),arguments.length===2&&!(typeof t>"u"||typeof t=="object"&&t!==null&&!Array.isArray(t)))throw new TypeError(`The second argument must be an options object or a string/boolean separator, but ${typeof t} given`);if(t=t||{},t.separator==="\\")throw new Error("\\ is not a valid separator because it is used for escaping. Try setting the separator to `true` instead");let r=Ve(e,t.separator),n=new RegExp(`^${r}$`,t.flags),i=lr.bind(null,n);return i.options=t,i.pattern=e,i.regexp=n,i}var de=Object.create(null),ee=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?de:globalThis),L=new Proxy(de,{get(e,t){return ee()[t]??de[t]},has(e,t){let r=ee();return t in r||t in de},set(e,t,r){let n=ee(!0);return n[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=ee(!0);return delete r[t],!0},ownKeys(){let e=ee(!0);return Object.keys(e)}});function pr(e){return e?e!=="false":!1}var ce=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",te=ce==="production",ue=ce==="dev"||ce==="development",Fe=ce==="test"||pr(L.TEST);var D=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},qe=class extends D{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};function fr(e){try{return new URL(e).pathname!=="/"}catch{throw new D(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Te(e,t="/api/auth"){return fr(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function re(e,t){if(e)return Te(e,t);let r=L.BETTER_AUTH_URL||L.NEXT_PUBLIC_BETTER_AUTH_URL||L.PUBLIC_BETTER_AUTH_URL||L.NUXT_PUBLIC_BETTER_AUTH_URL||L.NUXT_PUBLIC_AUTH_URL||(L.BASE_URL!=="/"?L.BASE_URL:void 0);if(r)return Te(r,t);if(typeof window<"u"&&window.location)return Te(window.location.origin,t)}function je(e){try{return new URL(e).origin}catch{return null}}function $e(e){return e.includes("://")?new URL(e).host:e}var Me=X(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:n}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",o=t?.callbackURL||r?.callbackURL,a=t?.redirectTo,l=r?.currentURL,c=t?.errorCallbackURL,s=t?.newUserCallbackURL,d=n.trustedOrigins,p=e.headers?.has("cookie"),m=(f,g)=>f.startsWith("/")?!1:g.includes("*")?ae(g)($e(f)):f.startsWith(g),u=(f,g)=>{if(!f)return;if(!d.some(h=>m(f,h)||f?.startsWith("/")&&g!=="origin"&&!f.includes(":")))throw e.context.logger.error(`Invalid ${g}: ${f}`),e.context.logger.info(`If it's a valid URL, please add ${f} to trustedOrigins in your auth config
-`,`Current list of trustedOrigins: ${d}`),new mr("FORBIDDEN",{message:`Invalid ${g}`})};p&&!e.context.options.advanced?.disableCSRFCheck&&u(i,"origin"),o&&u(o,"callbackURL"),a&&u(a,"redirectURL"),l&&u(l,"currentURL"),c&&u(c,"errorCallbackURL"),s&&u(a,"newUserCallbackURL")});import{APIError as _}from"better-call";import{z as x}from"zod";import{TimeSpan as yr}from"oslo";import{base64url as wr}from"oslo/encoding";import{HMAC as ze,sha256 as zn}from"oslo/crypto";function Ee(e,t){let r=new Uint8Array(e),n=new Uint8Array(t);if(r.length!==n.length)return!1;let i=0;for(let o=0;o<r.length;o++)i|=r[o]^n[o];return i===0}async function gr({value:e,secret:t}){return new ze("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function hr({value:e,signature:t,secret:r}){return new ze("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var le={sign:gr,verify:hr};var B=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));function Kn(e){let t=new Map;return e.split(", ").forEach(n=>{let i=n.split(";").map(p=>p.trim()),[o,...a]=i,[l,...c]=o.split("="),s=c.join("=");if(!l||s===void 0)return;let d={value:s};a.forEach(p=>{let[m,...u]=p.split("="),f=u.join("="),g=m.trim().toLowerCase();switch(g){case"max-age":d["max-age"]=f?parseInt(f.trim(),10):void 0;break;case"expires":d.expires=f?new Date(f.trim()):void 0;break;case"domain":d.domain=f?f.trim():void 0;break;case"path":d.path=f?f.trim():void 0;break;case"secure":d.secure=!0;break;case"httponly":d.httponly=!0;break;case"samesite":d.samesite=f?f.trim().toLowerCase():void 0;break;default:d[g]=f?f.trim():!0;break}}),t.set(l,d)}),t}function Ue(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):te)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,i=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!i)throw new D("baseURL is required when crossSubdomainCookies are enabled");function o(a,l={}){let c=e.advanced?.cookiePrefix||"better-auth",s=e.advanced?.cookies?.[a]?.name||`${c}.${a}`,d=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${s}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:i}:{},...e.advanced?.defaultCookieAttributes,...l,...d}}}return o}function He(e){let t=Ue(e),r=e.session?.expiresIn||new yr(7,"d").seconds(),n=t("session_token",{maxAge:r}),i=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),o=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:i.name,options:i.attributes},dontRememberToken:{name:o.name,options:o.attributes}}}async function I(e,t,r,n){let i=e.context.authCookies.sessionToken.options,o=r?void 0:e.context.sessionConfig.expiresIn;if(await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.token,e.context.secret,{...i,maxAge:o,...n}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled){let l=wr.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:B(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await le.sign({value:JSON.stringify(t),secret:e.context.secret})})),{includePadding:!1});if(l.length>4093)throw new D("Session data is too large to store in the cookie. Please disable session cookie caching or reduce the size of the session data");e.setCookie(e.context.authCookies.sessionData.name,l,e.context.authCookies.sessionData.options)}e.context.setNewSession(t),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.token,JSON.stringify({user:t.user,session:t.session}),Math.floor((new Date(t.session.expiresAt).getTime()-Date.now())/1e3))}function F(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function ri(e){let t=e.split("; "),r=new Map;return t.forEach(n=>{let[i,o]=n.split("=");r.set(i,o)}),r}import{betterFetch as Er}from"@better-fetch/fetch";import{APIError as Ur}from"better-call";import{decodeProtectedHeader as xr,importJWK as Or,jwtVerify as vr}from"jose";import{parseJWT as Sr}from"oslo/jwt";import{sha256 as Ar}from"oslo/crypto";import{base64url as br}from"oslo/encoding";async function Ge(e){let t=await Ar(new TextEncoder().encode(e));return br.encode(new Uint8Array(t),{includePadding:!1})}function pe(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?B(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function U({id:e,options:t,authorizationEndpoint:r,state:n,codeVerifier:i,scopes:o,claims:a,redirectURI:l,duration:c}){let s=new URL(r);if(s.searchParams.set("response_type","code"),s.searchParams.set("client_id",t.clientId),s.searchParams.set("state",n),s.searchParams.set("scope",o.join(" ")),s.searchParams.set("redirect_uri",t.redirectURI||l),i){let d=await Ge(i);s.searchParams.set("code_challenge_method","S256"),s.searchParams.set("code_challenge",d)}if(a){let d=a.reduce((p,m)=>(p[m]=null,p),{});s.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...d}}))}return c&&s.searchParams.set("duration",c),s}import{betterFetch as Rr}from"@better-fetch/fetch";async function E({code:e,codeVerifier:t,redirectURI:r,options:n,tokenEndpoint:i,authentication:o}){let a=new URLSearchParams,l={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(a.set("grant_type","authorization_code"),a.set("code",e),t&&a.set("code_verifier",t),a.set("redirect_uri",r),o==="basic"){let p=btoa(`${n.clientId}:${n.clientSecret}`);l.authorization=`Basic ${p}`}else a.set("client_id",n.clientId),a.set("client_secret",n.clientSecret);let{data:c,error:s}=await Rr(i,{method:"POST",body:a,headers:l});if(s)throw s;return pe(c)}import{generateCodeVerifier as kr,generateState as Tr}from"oslo/oauth2";import{z as $}from"zod";import{APIError as We}from"better-call";async function fe(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?je(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new We("BAD_REQUEST",{message:"callbackURL is required"});let n=kr(),i=Tr(),o=JSON.stringify({callbackURL:r,codeVerifier:n,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,newUserURL:e.body?.newUserCallbackURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let l=await e.context.internalAdapter.createVerificationValue({value:o,identifier:i,expiresAt:a});if(!l)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new We("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:l.identifier,codeVerifier:n}}async function Ke(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let n=$.object({callbackURL:$.string(),codeVerifier:$.string(),errorURL:$.string().optional(),newUserURL:$.string().optional(),expiresAt:$.number(),link:$.object({email:$.string(),userId:$.string()}).optional()}).parse(JSON.parse(r.value));if(n.errorURL||(n.errorURL=`${e.context.baseURL}/error`),n.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),n}var Ze=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:n,redirectURI:i}){let o=n||["email","name"];return e.scope&&o.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${o.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:i})=>E({code:r,codeVerifier:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async verifyIdToken(r,n){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,n);let i=xr(r),{kid:o,alg:a}=i;if(!o||!a)return!1;let l=await _r(o),{payload:c}=await vr(r,l,{algorithms:[a],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(s=>{c[s]!==void 0&&(c[s]=!!c[s])}),n&&c.nonce!==n?!1:!!c},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let n=Sr(r.idToken)?.payload;if(!n)return null;let i=n.user?`${n.user.name.firstName} ${n.user.name.lastName}`:n.email,o=await e.mapProfileToUser?.(n);return{user:{id:n.sub,name:i,emailVerified:!1,email:n.email,...o},data:n}}}},_r=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:n}=await Er(`${t}${r}`);if(!n?.keys)throw new Ur("BAD_REQUEST",{message:"Keys not found"});let i=n.keys.find(o=>o.kid===e);if(!i)throw new Error(`JWK with kid ${e} not found`);return await Or(i,i.alg)};import{betterFetch as Ir}from"@better-fetch/fetch";var Qe=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||n)}&state=${t}&prompt=${e.prompt||"none"}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>E({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Ir("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(n)return null;if(r.avatar===null){let o=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${o}.png`}else{let o=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${o}`}let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url,...i},data:r}}});import{betterFetch as Pr}from"@better-fetch/fetch";var Je=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await U({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:n})},validateAuthorizationCode:async({code:t,redirectURI:r})=>E({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Pr("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});if(n)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified,...i},data:r}}});import{betterFetch as Ye}from"@better-fetch/fetch";var Xe=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:n,codeVerifier:i,redirectURI:o}){let a=n||["user:email"];return e.scope&&a.push(...e.scope),U({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:o})},validateAuthorizationCode:async({code:r,redirectURI:n})=>E({code:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:i}=await Ye("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let o=!1;if(!n.email){let{data:l,error:c}=await Ye("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(n.email=(l.find(s=>s.primary)??l[0])?.email,o=l.find(s=>s.email===n.email)?.verified??!1)}let a=await e.mapProfileToUser?.(n);return{user:{id:n.id.toString(),name:n.name||n.login,email:n.email,image:n.avatar_url,emailVerified:o,...a},data:n}}}};import{parseJWT as Nr}from"oslo/jwt";import{createConsola as Lr}from"consola";var xe=["info","success","warn","error","debug"];function Dr(e,t){return xe.indexOf(t)<=xe.indexOf(e)}var Cr=Lr({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),me=e=>{let t=e?.disabled!==!0,r=e?.level??"error",n=(i,o,a=[])=>{if(!(!t||!Dr(r,i))){if(!e||typeof e.log!="function"){Cr[i]("",o,...a);return}e.log(i==="success"?"info":i,o,a)}};return Object.fromEntries(xe.map(i=>[i,(...[o,...a])=>n(i,o,a)]))},P=me();import{betterFetch as Br}from"@better-fetch/fetch";var et=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw P.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new D("CLIENT_ID_AND_SECRET_REQUIRED");if(!n)throw new D("codeVerifier is required for Google");let o=r||["email","profile","openid"];e.scope&&o.push(...e.scope);let a=await U({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:o,state:t,codeVerifier:n,redirectURI:i});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>E({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let n=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:i}=await Br(n);return i?i.aud===e.clientId&&i.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=Nr(t.idToken)?.payload,n=await e.mapProfileToUser?.(r);return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified,...n},data:r}}});import{betterFetch as Vr}from"@better-fetch/fetch";import{parseJWT as Fr}from"oslo/jwt";var tt=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,n=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let o=i.scopes||["openid","profile","email","User.Read"];return e.scope&&o.push(...e.scope),U({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:o,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:o,redirectURI:a}){return E({code:i,codeVerifier:o,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:n})},async getUserInfo(i){if(e.getUserInfo)return e.getUserInfo(i);if(!i.idToken)return null;let o=Fr(i.idToken)?.payload,a=e.profilePhotoSize||48;await Vr(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),p=Buffer.from(d).toString("base64");o.picture=`data:image/jpeg;base64, ${p}`}catch(s){P.error(s&&typeof s=="object"&&"name"in s?s.name:"",s)}}});let l=await e.mapProfileToUser?.(o);return{user:{id:o.sub,name:o.name,email:o.email,image:o.picture,emailVerified:!0,...l},data:o}}}};import{betterFetch as qr}from"@better-fetch/fetch";var rt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:i}){let o=r||["user-read-email"];return e.scope&&o.push(...e.scope),U({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:o,state:t,codeVerifier:n,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>E({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await qr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});if(n)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1,...i},data:r}}});function ro(e){return e.charAt(0).toUpperCase()+e.slice(1)}var Z={isAction:!1};import{nanoid as jr}from"nanoid";var q=e=>jr(e);import{parseJWT as $r}from"oslo/jwt";var nt=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),U({id:"twitch",redirectURI:n,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>E({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return P.error("No idToken found in token"),null;let n=$r(r)?.payload,i=await e.mapProfileToUser?.(n);return{user:{id:n.sub,name:n.preferred_username,email:n.email,image:n.picture,emailVerified:!1,...i},data:n}}});import{betterFetch as Mr}from"@better-fetch/fetch";var it=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),U({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>E({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Mr("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});if(n)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.data.id,name:r.data.name,email:r.data.username||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1,...i},data:r}}});import{betterFetch as zr}from"@better-fetch/fetch";var ot=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:n,codeVerifier:i,redirectURI:o})=>{let a=n||["account_info.read"];return e.scope&&a.push(...e.scope),await U({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:o,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:i})=>await E({code:r,codeVerifier:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:i}=await zr("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});if(i)return null;let o=await e.mapProfileToUser?.(n);return{user:{id:n.account_id,name:n.name?.display_name,email:n.email,emailVerified:n.email_verified||!1,image:n.profile_photo_url,...o},data:n}}}};import{betterFetch as Hr}from"@better-fetch/fetch";var st=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:n,scopes:i,redirectURI:o})=>{let a=i||["profile","email","openid"];return e.scope&&a.push(...e.scope),await U({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:n,redirectURI:o})},validateAuthorizationCode:async({code:n,redirectURI:i})=>await E({code:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(n){let{data:i,error:o}=await Hr("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken}`}});if(o)return null;let a=await e.mapProfileToUser?.(i);return{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture,...a},data:i}}}};import{betterFetch as Gr}from"@better-fetch/fetch";var Oe=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Wr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Oe(`${t}/oauth/authorize`),tokenEndpoint:Oe(`${t}/oauth/token`),userinfoEndpoint:Oe(`${t}/api/v4/user`)}},at=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:n}=Wr(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:l,codeVerifier:c,redirectURI:s})=>{let d=l||["read_user"];return e.scope&&d.push(...e.scope),await U({id:i,options:e,authorizationEndpoint:t,scopes:d,state:a,redirectURI:s,codeVerifier:c})},validateAuthorizationCode:async({code:a,redirectURI:l,codeVerifier:c})=>E({code:a,redirectURI:e.redirectURI||l,options:e,codeVerifier:c,tokenEndpoint:r}),async getUserInfo(a){if(e.getUserInfo)return e.getUserInfo(a);let{data:l,error:c}=await Gr(n,{headers:{authorization:`Bearer ${a.accessToken}`}});if(c||l.state!=="active"||l.locked)return null;let s=await e.mapProfileToUser?.(l);return{user:{id:l.id.toString(),name:l.name??l.username,email:l.email,image:l.avatar_url,emailVerified:!0,...s},data:l}}}};import{betterFetch as dt}from"@better-fetch/fetch";var ct=e=>({id:"reddit",name:"Reddit",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["identity"];return e.scope&&i.push(...e.scope),U({id:"reddit",options:e,authorizationEndpoint:"https://www.reddit.com/api/v1/authorize",scopes:i,state:t,redirectURI:n,duration:e.duration})},validateAuthorizationCode:async({code:t,redirectURI:r})=>{let n=new URLSearchParams({grant_type:"authorization_code",code:t,redirect_uri:e.redirectURI||r}),i={"content-type":"application/x-www-form-urlencoded",accept:"text/plain","user-agent":"better-auth",Authorization:`Basic ${Buffer.from(`${e.clientId}:${e.clientSecret}`).toString("base64")}`},{data:o,error:a}=await dt("https://www.reddit.com/api/v1/access_token",{method:"POST",headers:i,body:n.toString()});if(a)throw a;return pe(o)},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await dt("https://oauth.reddit.com/api/v1/me",{headers:{Authorization:`Bearer ${t.accessToken}`,"User-Agent":"better-auth"}});if(n)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.name,email:r.oauth_client_id,emailVerified:r.has_verified_email,image:r.icon_img?.split("?")[0],...i},data:r}}});var ve={apple:Ze,discord:Qe,facebook:Je,github:Xe,microsoft:tt,google:et,spotify:rt,twitch:nt,twitter:it,dropbox:ot,linkedin:st,gitlab:at,reddit:ct},ge=Object.keys(ve);import{TimeSpan as Kr}from"oslo";import{createJWT as Zr,validateJWT as Qr}from"oslo/jwt";import{z as V}from"zod";import{APIError as ne}from"better-call";import{APIError as M}from"better-call";import{z as G}from"zod";function Q(e){try{return JSON.parse(e)}catch{return null}}var b={USER_NOT_FOUND:"User not found",FAILED_TO_CREATE_USER:"Failed to create user",FAILED_TO_CREATE_SESSION:"Failed to create session",FAILED_TO_UPDATE_USER:"Failed to update user",FAILED_TO_GET_SESSION:"Failed to get session",INVALID_PASSWORD:"Invalid password",INVALID_EMAIL:"Invalid email",INVALID_EMAIL_OR_PASSWORD:"Invalid email or password",SOCIAL_ACCOUNT_ALREADY_LINKED:"Social account already linked",PROVIDER_NOT_FOUND:"Provider not found",INVALID_TOKEN:"invalid token",ID_TOKEN_NOT_SUPPORTED:"id_token not supported",FAILED_TO_GET_USER_INFO:"Failed to get user info",USER_EMAIL_NOT_FOUND:"User email not found",EMAIL_NOT_VERIFIED:"Email not verified",PASSWORD_TOO_SHORT:"Password too short",PASSWORD_TOO_LONG:"Password too long",USER_ALREADY_EXISTS:"User already exists",EMAIL_CAN_NOT_BE_UPDATED:"Email can not be updated",CREDENTIAL_ACCOUNT_NOT_FOUND:"Credential account not found"};var Se=()=>T("/get-session",{method:"GET",query:G.optional(G.object({disableCookieCache:G.boolean({description:"Disable cookie cache and fetch session from database"}).or(G.string().transform(e=>e==="true")).optional(),disableRefresh:G.boolean({description:"Disable session refresh. Useful for checking session status, without updating the session"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),n=r?Q(Buffer.from(r,"base64").toString()):null;if(n&&!await le.verify({value:JSON.stringify(n.session),signature:n?.signature,secret:e.context.secret}))return F(e),e.json(null);let i=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(n?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let d=n.session;if(n.expiresAt<Date.now()||d.session.expiresAt<new Date){let m=e.context.authCookies.sessionData.name;e.setCookie(m,"",{maxAge:0})}else return e.json(d)}let o=await e.context.internalAdapter.findSession(t);if(e.context.session=o,!o||o.session.expiresAt<new Date)return F(e),o&&await e.context.internalAdapter.deleteSession(o.session.token),e.json(null);if(i||e.query?.disableRefresh)return e.json(o);let a=e.context.sessionConfig.expiresIn,l=e.context.sessionConfig.updateAge;if(o.session.expiresAt.valueOf()-a*1e3+l*1e3<=Date.now()){let d=await e.context.internalAdapter.updateSession(o.session.token,{expiresAt:B(e.context.sessionConfig.expiresIn,"sec")});if(!d)return F(e),e.json(null,{status:401});let p=(d.expiresAt.valueOf()-Date.now())/1e3;return await I(e,{session:d,user:o.user},!1,{maxAge:p}),e.json({session:d,user:o.user})}return e.json(o)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new M("INTERNAL_SERVER_ERROR",{message:b.FAILED_TO_GET_SESSION})}}),W=async(e,t)=>{if(e.context.session)return e.context.session;let r=await Se()({...e,_flag:"json",headers:e.headers,query:t}).catch(n=>null);return e.context.session=r,r},C=X(async e=>{let t=await W(e);if(!t?.session)throw new M("UNAUTHORIZED");return{session:t}}),ut=X(async e=>{let t=await W(e);if(!t?.session)throw new M("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,n=t.session.createdAt.valueOf(),i=Date.now();if(!(n+r*1e3>i))throw new M("FORBIDDEN",{message:"Session is not fresh"});return{session:t}}),lt=()=>T("/list-sessions",{method:"GET",use:[C],requireHeaders:!0,metadata:{openapi:{description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}}}}}}}}}},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(n=>n.expiresAt>new Date);return e.json(r)}),pt=T("/revoke-session",{method:"POST",body:G.object({token:G.string({description:"The token to revoke"})}),use:[C],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new M("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new M("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(n){throw e.context.logger.error(n&&typeof n=="object"&&"name"in n?n.name:"",n),new M("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),ft=T("/revoke-sessions",{method:"POST",use:[C],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new M("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),mt=T("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[C],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new M("UNAUTHORIZED");let i=(await e.context.internalAdapter.listSessions(t.user.id)).filter(o=>o.expiresAt>new Date).filter(o=>o.token!==e.context.session.session.token);return await Promise.all(i.map(o=>e.context.internalAdapter.deleteSession(o.token))),e.json({status:!0})});async function j(e,t,r){return await Zr("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Kr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}async function Jr(e,t){if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new ne("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await j(e.context.secret,t.email),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification.sendVerificationEmail({user:t,url:n,token:r},e.request)}var gt=T("/send-verification-email",{method:"POST",query:V.object({currentURL:V.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:V.object({email:V.string({description:"The email to send the verification email to"}).email(),callbackURL:V.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new ne("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new ne("BAD_REQUEST",{message:b.USER_NOT_FOUND});return await Jr(e,r.user),e.json({status:!0})}),ht=T("/verify-email",{method:"GET",query:V.object({token:V.string({description:"The token to verify the email"}),callbackURL:V.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(l){throw e.query.callbackURL?e.query.callbackURL.includes("?")?e.redirect(`${e.query.callbackURL}&error=${l}`):e.redirect(`${e.query.callbackURL}?error=${l}`):new ne("UNAUTHORIZED",{message:l})}let{token:r}=e.query,n;try{n=await Qr("HS256",Buffer.from(e.context.secret),r)}catch(l){return e.context.logger.error("Failed to verify email",l),t("invalid_token")}let o=V.object({email:V.string().email(),updateTo:V.string().optional()}).parse(n.payload),a=await e.context.internalAdapter.findUserByEmail(o.email);if(!a)return t("user_not_found");if(o.updateTo){let l=await W(e);if(!l){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(l.user.email!==o.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let c=await e.context.internalAdapter.updateUserByEmail(o.email,{email:o.updateTo,emailVerified:!1}),s=await j(e.context.secret,o.updateTo);if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:c,url:`${e.context.baseURL}/verify-email?token=${s}`,token:s},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(o.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await W(e)){let c=await e.context.internalAdapter.createSession(a.user.id,e.request);if(!c)throw new ne("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await I(e,{session:c,user:a.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function he(e,{userInfo:t,account:r,callbackURL:n}){let i=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(c=>{throw P.error(`Better auth was unable to query your database.
+`,`Current list of trustedOrigins: ${d}`),new mr("FORBIDDEN",{message:`Invalid ${g}`})};p&&!e.context.options.advanced?.disableCSRFCheck&&u(i,"origin"),o&&u(o,"callbackURL"),a&&u(a,"redirectURL"),l&&u(l,"currentURL"),c&&u(c,"errorCallbackURL"),s&&u(a,"newUserCallbackURL")});import{APIError as _}from"better-call";import{z as x}from"zod";import{TimeSpan as yr}from"oslo";import{base64url as wr}from"oslo/encoding";import{HMAC as ze,sha256 as zn}from"oslo/crypto";function Ee(e,t){let r=new Uint8Array(e),n=new Uint8Array(t);if(r.length!==n.length)return!1;let i=0;for(let o=0;o<r.length;o++)i|=r[o]^n[o];return i===0}async function gr({value:e,secret:t}){return new ze("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function hr({value:e,signature:t,secret:r}){return new ze("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var le={sign:gr,verify:hr};var B=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));function Kn(e){let t=new Map;return e.split(", ").forEach(n=>{let i=n.split(";").map(p=>p.trim()),[o,...a]=i,[l,...c]=o.split("="),s=c.join("=");if(!l||s===void 0)return;let d={value:s};a.forEach(p=>{let[m,...u]=p.split("="),f=u.join("="),g=m.trim().toLowerCase();switch(g){case"max-age":d["max-age"]=f?parseInt(f.trim(),10):void 0;break;case"expires":d.expires=f?new Date(f.trim()):void 0;break;case"domain":d.domain=f?f.trim():void 0;break;case"path":d.path=f?f.trim():void 0;break;case"secure":d.secure=!0;break;case"httponly":d.httponly=!0;break;case"samesite":d.samesite=f?f.trim().toLowerCase():void 0;break;default:d[g]=f?f.trim():!0;break}}),t.set(l,d)}),t}function Ue(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):te)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,i=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!i)throw new D("baseURL is required when crossSubdomainCookies are enabled");function o(a,l={}){let c=e.advanced?.cookiePrefix||"better-auth",s=e.advanced?.cookies?.[a]?.name||`${c}.${a}`,d=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${s}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:i}:{},...e.advanced?.defaultCookieAttributes,...l,...d}}}return o}function He(e){let t=Ue(e),r=e.session?.expiresIn||new yr(7,"d").seconds(),n=t("session_token",{maxAge:r}),i=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),o=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:i.name,options:i.attributes},dontRememberToken:{name:o.name,options:o.attributes}}}async function I(e,t,r,n){let i=e.context.authCookies.sessionToken.options,o=r?void 0:e.context.sessionConfig.expiresIn;if(await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.token,e.context.secret,{...i,maxAge:o,...n}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled){let l=wr.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:B(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await le.sign({value:JSON.stringify(t),secret:e.context.secret})})),{includePadding:!1});if(l.length>4093)throw new D("Session data is too large to store in the cookie. Please disable session cookie caching or reduce the size of the session data");e.setCookie(e.context.authCookies.sessionData.name,l,e.context.authCookies.sessionData.options)}e.context.setNewSession(t),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.token,JSON.stringify({user:t.user,session:t.session}),Math.floor((new Date(t.session.expiresAt).getTime()-Date.now())/1e3))}function F(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function ri(e){let t=e.split("; "),r=new Map;return t.forEach(n=>{let[i,o]=n.split("=");r.set(i,o)}),r}import{betterFetch as Er}from"@better-fetch/fetch";import{APIError as Ur}from"better-call";import{decodeProtectedHeader as xr,importJWK as Or,jwtVerify as vr}from"jose";import{parseJWT as Sr}from"oslo/jwt";import{sha256 as Ar}from"oslo/crypto";import{base64url as br}from"oslo/encoding";async function Ge(e){let t=await Ar(new TextEncoder().encode(e));return br.encode(new Uint8Array(t),{includePadding:!1})}function pe(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?B(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function U({id:e,options:t,authorizationEndpoint:r,state:n,codeVerifier:i,scopes:o,claims:a,redirectURI:l,duration:c}){let s=new URL(r);if(s.searchParams.set("response_type","code"),s.searchParams.set("client_id",t.clientId),s.searchParams.set("state",n),s.searchParams.set("scope",o.join(" ")),s.searchParams.set("redirect_uri",t.redirectURI||l),i){let d=await Ge(i);s.searchParams.set("code_challenge_method","S256"),s.searchParams.set("code_challenge",d)}if(a){let d=a.reduce((p,m)=>(p[m]=null,p),{});s.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...d}}))}return c&&s.searchParams.set("duration",c),s}import{betterFetch as Rr}from"@better-fetch/fetch";async function E({code:e,codeVerifier:t,redirectURI:r,options:n,tokenEndpoint:i,authentication:o}){let a=new URLSearchParams,l={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(a.set("grant_type","authorization_code"),a.set("code",e),t&&a.set("code_verifier",t),a.set("redirect_uri",r),o==="basic"){let p=btoa(`${n.clientId}:${n.clientSecret}`);l.authorization=`Basic ${p}`}else a.set("client_id",n.clientId),a.set("client_secret",n.clientSecret);let{data:c,error:s}=await Rr(i,{method:"POST",body:a,headers:l});if(s)throw s;return pe(c)}import{generateCodeVerifier as kr,generateState as Tr}from"oslo/oauth2";import{z as $}from"zod";import{APIError as We}from"better-call";async function fe(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?je(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new We("BAD_REQUEST",{message:"callbackURL is required"});let n=kr(),i=Tr(),o=JSON.stringify({callbackURL:r,codeVerifier:n,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,newUserURL:e.body?.newUserCallbackURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let l=await e.context.internalAdapter.createVerificationValue({value:o,identifier:i,expiresAt:a});if(!l)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new We("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:l.identifier,codeVerifier:n}}async function Ke(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let n=$.object({callbackURL:$.string(),codeVerifier:$.string(),errorURL:$.string().optional(),newUserURL:$.string().optional(),expiresAt:$.number(),link:$.object({email:$.string(),userId:$.string()}).optional()}).parse(JSON.parse(r.value));if(n.errorURL||(n.errorURL=`${e.context.baseURL}/error`),n.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),n}var Ze=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:n,redirectURI:i}){let o=n||["email","name"];return e.scope&&o.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${o.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:i})=>E({code:r,codeVerifier:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async verifyIdToken(r,n){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,n);let i=xr(r),{kid:o,alg:a}=i;if(!o||!a)return!1;let l=await _r(o),{payload:c}=await vr(r,l,{algorithms:[a],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(s=>{c[s]!==void 0&&(c[s]=!!c[s])}),n&&c.nonce!==n?!1:!!c},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let n=Sr(r.idToken)?.payload;if(!n)return null;let i=n.user?`${n.user.name.firstName} ${n.user.name.lastName}`:n.email,o=await e.mapProfileToUser?.(n);return{user:{id:n.sub,name:i,emailVerified:!1,email:n.email,...o},data:n}}}},_r=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:n}=await Er(`${t}${r}`);if(!n?.keys)throw new Ur("BAD_REQUEST",{message:"Keys not found"});let i=n.keys.find(o=>o.kid===e);if(!i)throw new Error(`JWK with kid ${e} not found`);return await Or(i,i.alg)};import{betterFetch as Ir}from"@better-fetch/fetch";var Qe=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||n)}&state=${t}&prompt=${e.prompt||"none"}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>E({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Ir("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(n)return null;if(r.avatar===null){let o=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${o}.png`}else{let o=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${o}`}let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url,...i},data:r}}});import{betterFetch as Pr}from"@better-fetch/fetch";var Je=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await U({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:n})},validateAuthorizationCode:async({code:t,redirectURI:r})=>E({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Pr("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});if(n)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified,...i},data:r}}});import{betterFetch as Ye}from"@better-fetch/fetch";var Xe=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:n,codeVerifier:i,redirectURI:o}){let a=n||["user:email"];return e.scope&&a.push(...e.scope),U({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:o})},validateAuthorizationCode:async({code:r,redirectURI:n})=>E({code:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:i}=await Ye("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let o=!1;if(!n.email){let{data:l,error:c}=await Ye("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(n.email=(l.find(s=>s.primary)??l[0])?.email,o=l.find(s=>s.email===n.email)?.verified??!1)}let a=await e.mapProfileToUser?.(n);return{user:{id:n.id.toString(),name:n.name||n.login,email:n.email,image:n.avatar_url,emailVerified:o,...a},data:n}}}};import{parseJWT as Nr}from"oslo/jwt";import{createConsola as Lr}from"consola";var xe=["info","success","warn","error","debug"];function Dr(e,t){return xe.indexOf(t)<=xe.indexOf(e)}var Cr=Lr({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),me=e=>{let t=e?.disabled!==!0,r=e?.level??"error",n=(i,o,a=[])=>{if(!(!t||!Dr(r,i))){if(!e||typeof e.log!="function"){Cr[i]("",o,...a);return}e.log(i==="success"?"info":i,o,a)}};return Object.fromEntries(xe.map(i=>[i,(...[o,...a])=>n(i,o,a)]))},P=me();import{betterFetch as Br}from"@better-fetch/fetch";var et=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw P.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new D("CLIENT_ID_AND_SECRET_REQUIRED");if(!n)throw new D("codeVerifier is required for Google");let o=r||["email","profile","openid"];e.scope&&o.push(...e.scope);let a=await U({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:o,state:t,codeVerifier:n,redirectURI:i});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>E({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let n=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:i}=await Br(n);return i?i.aud===e.clientId&&i.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=Nr(t.idToken)?.payload,n=await e.mapProfileToUser?.(r);return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified,...n},data:r}}});import{betterFetch as Vr}from"@better-fetch/fetch";import{parseJWT as Fr}from"oslo/jwt";var tt=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,n=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let o=i.scopes||["openid","profile","email","User.Read"];return e.scope&&o.push(...e.scope),U({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:o,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:o,redirectURI:a}){return E({code:i,codeVerifier:o,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:n})},async getUserInfo(i){if(e.getUserInfo)return e.getUserInfo(i);if(!i.idToken)return null;let o=Fr(i.idToken)?.payload,a=e.profilePhotoSize||48;await Vr(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),p=Buffer.from(d).toString("base64");o.picture=`data:image/jpeg;base64, ${p}`}catch(s){P.error(s&&typeof s=="object"&&"name"in s?s.name:"",s)}}});let l=await e.mapProfileToUser?.(o);return{user:{id:o.sub,name:o.name,email:o.email,image:o.picture,emailVerified:!0,...l},data:o}}}};import{betterFetch as qr}from"@better-fetch/fetch";var rt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:i}){let o=r||["user-read-email"];return e.scope&&o.push(...e.scope),U({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:o,state:t,codeVerifier:n,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>E({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await qr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});if(n)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1,...i},data:r}}});function ro(e){return e.charAt(0).toUpperCase()+e.slice(1)}var Z={isAction:!1};import{nanoid as jr}from"nanoid";var q=e=>jr(e);import{parseJWT as $r}from"oslo/jwt";var nt=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),U({id:"twitch",redirectURI:n,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>E({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return P.error("No idToken found in token"),null;let n=$r(r)?.payload,i=await e.mapProfileToUser?.(n);return{user:{id:n.sub,name:n.preferred_username,email:n.email,image:n.picture,emailVerified:!1,...i},data:n}}});import{betterFetch as Mr}from"@better-fetch/fetch";var it=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),U({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>E({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await Mr("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});if(n)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.data.id,name:r.data.name,email:r.data.username||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1,...i},data:r}}});import{betterFetch as zr}from"@better-fetch/fetch";var ot=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:n,codeVerifier:i,redirectURI:o})=>{let a=n||["account_info.read"];return e.scope&&a.push(...e.scope),await U({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:o,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:i})=>await E({code:r,codeVerifier:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:i}=await zr("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});if(i)return null;let o=await e.mapProfileToUser?.(n);return{user:{id:n.account_id,name:n.name?.display_name,email:n.email,emailVerified:n.email_verified||!1,image:n.profile_photo_url,...o},data:n}}}};import{betterFetch as Hr}from"@better-fetch/fetch";var st=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:n,scopes:i,redirectURI:o})=>{let a=i||["profile","email","openid"];return e.scope&&a.push(...e.scope),await U({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:n,redirectURI:o})},validateAuthorizationCode:async({code:n,redirectURI:i})=>await E({code:n,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(n){let{data:i,error:o}=await Hr("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken}`}});if(o)return null;let a=await e.mapProfileToUser?.(i);return{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture,...a},data:i}}}};import{betterFetch as Gr}from"@better-fetch/fetch";var Oe=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Wr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Oe(`${t}/oauth/authorize`),tokenEndpoint:Oe(`${t}/oauth/token`),userinfoEndpoint:Oe(`${t}/api/v4/user`)}},at=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:n}=Wr(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:l,codeVerifier:c,redirectURI:s})=>{let d=l||["read_user"];return e.scope&&d.push(...e.scope),await U({id:i,options:e,authorizationEndpoint:t,scopes:d,state:a,redirectURI:s,codeVerifier:c})},validateAuthorizationCode:async({code:a,redirectURI:l,codeVerifier:c})=>E({code:a,redirectURI:e.redirectURI||l,options:e,codeVerifier:c,tokenEndpoint:r}),async getUserInfo(a){if(e.getUserInfo)return e.getUserInfo(a);let{data:l,error:c}=await Gr(n,{headers:{authorization:`Bearer ${a.accessToken}`}});if(c||l.state!=="active"||l.locked)return null;let s=await e.mapProfileToUser?.(l);return{user:{id:l.id.toString(),name:l.name??l.username,email:l.email,image:l.avatar_url,emailVerified:!0,...s},data:l}}}};import{betterFetch as dt}from"@better-fetch/fetch";var ct=e=>({id:"reddit",name:"Reddit",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let i=r||["identity"];return e.scope&&i.push(...e.scope),U({id:"reddit",options:e,authorizationEndpoint:"https://www.reddit.com/api/v1/authorize",scopes:i,state:t,redirectURI:n,duration:e.duration})},validateAuthorizationCode:async({code:t,redirectURI:r})=>{let n=new URLSearchParams({grant_type:"authorization_code",code:t,redirect_uri:e.redirectURI||r}),i={"content-type":"application/x-www-form-urlencoded",accept:"text/plain","user-agent":"better-auth",Authorization:`Basic ${Buffer.from(`${e.clientId}:${e.clientSecret}`).toString("base64")}`},{data:o,error:a}=await dt("https://www.reddit.com/api/v1/access_token",{method:"POST",headers:i,body:n.toString()});if(a)throw a;return pe(o)},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await dt("https://oauth.reddit.com/api/v1/me",{headers:{Authorization:`Bearer ${t.accessToken}`,"User-Agent":"better-auth"}});if(n)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.name,email:r.oauth_client_id,emailVerified:r.has_verified_email,image:r.icon_img?.split("?")[0],...i},data:r}}});var ve={apple:Ze,discord:Qe,facebook:Je,github:Xe,microsoft:tt,google:et,spotify:rt,twitch:nt,twitter:it,dropbox:ot,linkedin:st,gitlab:at,reddit:ct},ge=Object.keys(ve);import{TimeSpan as Kr}from"oslo";import{createJWT as Zr,validateJWT as Qr}from"oslo/jwt";import{z as V}from"zod";import{APIError as ne}from"better-call";import{APIError as M}from"better-call";import{z as G}from"zod";function Q(e){try{return JSON.parse(e)}catch{return null}}var b={USER_NOT_FOUND:"User not found",FAILED_TO_CREATE_USER:"Failed to create user",FAILED_TO_CREATE_SESSION:"Failed to create session",FAILED_TO_UPDATE_USER:"Failed to update user",FAILED_TO_GET_SESSION:"Failed to get session",INVALID_PASSWORD:"Invalid password",INVALID_EMAIL:"Invalid email",INVALID_EMAIL_OR_PASSWORD:"Invalid email or password",SOCIAL_ACCOUNT_ALREADY_LINKED:"Social account already linked",PROVIDER_NOT_FOUND:"Provider not found",INVALID_TOKEN:"invalid token",ID_TOKEN_NOT_SUPPORTED:"id_token not supported",FAILED_TO_GET_USER_INFO:"Failed to get user info",USER_EMAIL_NOT_FOUND:"User email not found",EMAIL_NOT_VERIFIED:"Email not verified",PASSWORD_TOO_SHORT:"Password too short",PASSWORD_TOO_LONG:"Password too long",USER_ALREADY_EXISTS:"User already exists",EMAIL_CAN_NOT_BE_UPDATED:"Email can not be updated",CREDENTIAL_ACCOUNT_NOT_FOUND:"Credential account not found"};var Se=()=>T("/get-session",{method:"GET",query:G.optional(G.object({disableCookieCache:G.boolean({description:"Disable cookie cache and fetch session from database"}).or(G.string().transform(e=>e==="true")).optional(),disableRefresh:G.boolean({description:"Disable session refresh. Useful for checking session status, without updating the session"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),n=r?Q(Buffer.from(r,"base64").toString()):null;if(n&&!await le.verify({value:JSON.stringify(n.session),signature:n?.signature,secret:e.context.secret}))return F(e),e.json(null);let i=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(n?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let d=n.session;if(n.expiresAt<Date.now()||d.session.expiresAt<new Date){let m=e.context.authCookies.sessionData.name;e.setCookie(m,"",{maxAge:0})}else return e.json(d)}let o=await e.context.internalAdapter.findSession(t);if(e.context.session=o,!o||o.session.expiresAt<new Date)return F(e),o&&await e.context.internalAdapter.deleteSession(o.session.token),e.json(null);if(i||e.query?.disableRefresh)return e.json(o);let a=e.context.sessionConfig.expiresIn,l=e.context.sessionConfig.updateAge;if(o.session.expiresAt.valueOf()-a*1e3+l*1e3<=Date.now()){let d=await e.context.internalAdapter.updateSession(o.session.token,{expiresAt:B(e.context.sessionConfig.expiresIn,"sec")});if(!d)return F(e),e.json(null,{status:401});let p=(d.expiresAt.valueOf()-Date.now())/1e3;return await I(e,{session:d,user:o.user},!1,{maxAge:p}),e.json({session:d,user:o.user})}return e.json(o)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new M("INTERNAL_SERVER_ERROR",{message:b.FAILED_TO_GET_SESSION})}}),W=async(e,t)=>{if(e.context.session)return e.context.session;let r=await Se()({...e,_flag:"json",headers:e.headers,query:t}).catch(n=>null);return e.context.session=r,r},C=X(async e=>{let t=await W(e);if(!t?.session)throw new M("UNAUTHORIZED");return{session:t}}),ut=X(async e=>{let t=await W(e);if(!t?.session)throw new M("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,n=t.session.updatedAt?.valueOf()||t.session.createdAt.valueOf();if(!(Date.now()-n<r*1e3))throw new M("FORBIDDEN",{message:"Session is not fresh"});return{session:t}}),lt=()=>T("/list-sessions",{method:"GET",use:[C],requireHeaders:!0,metadata:{openapi:{description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}}}}}}}}}},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(n=>n.expiresAt>new Date);return e.json(r)}),pt=T("/revoke-session",{method:"POST",body:G.object({token:G.string({description:"The token to revoke"})}),use:[C],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new M("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new M("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(n){throw e.context.logger.error(n&&typeof n=="object"&&"name"in n?n.name:"",n),new M("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),ft=T("/revoke-sessions",{method:"POST",use:[C],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new M("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),mt=T("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[C],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new M("UNAUTHORIZED");let i=(await e.context.internalAdapter.listSessions(t.user.id)).filter(o=>o.expiresAt>new Date).filter(o=>o.token!==e.context.session.session.token);return await Promise.all(i.map(o=>e.context.internalAdapter.deleteSession(o.token))),e.json({status:!0})});async function j(e,t,r){return await Zr("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Kr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}async function Jr(e,t){if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new ne("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await j(e.context.secret,t.email),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification.sendVerificationEmail({user:t,url:n,token:r},e.request)}var gt=T("/send-verification-email",{method:"POST",query:V.object({currentURL:V.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:V.object({email:V.string({description:"The email to send the verification email to"}).email(),callbackURL:V.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new ne("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new ne("BAD_REQUEST",{message:b.USER_NOT_FOUND});return await Jr(e,r.user),e.json({status:!0})}),ht=T("/verify-email",{method:"GET",query:V.object({token:V.string({description:"The token to verify the email"}),callbackURL:V.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(l){throw e.query.callbackURL?e.query.callbackURL.includes("?")?e.redirect(`${e.query.callbackURL}&error=${l}`):e.redirect(`${e.query.callbackURL}?error=${l}`):new ne("UNAUTHORIZED",{message:l})}let{token:r}=e.query,n;try{n=await Qr("HS256",Buffer.from(e.context.secret),r)}catch(l){return e.context.logger.error("Failed to verify email",l),t("invalid_token")}let o=V.object({email:V.string().email(),updateTo:V.string().optional()}).parse(n.payload),a=await e.context.internalAdapter.findUserByEmail(o.email);if(!a)return t("user_not_found");if(o.updateTo){let l=await W(e);if(!l){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(l.user.email!==o.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let c=await e.context.internalAdapter.updateUserByEmail(o.email,{email:o.updateTo,emailVerified:!1}),s=await j(e.context.secret,o.updateTo);if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:c,url:`${e.context.baseURL}/verify-email?token=${s}`,token:s},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(o.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await W(e)){let c=await e.context.internalAdapter.createSession(a.user.id,e.request);if(!c)throw new ne("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await I(e,{session:c,user:a.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function he(e,{userInfo:t,account:r,callbackURL:n}){let i=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(c=>{throw P.error(`Better auth was unable to query your database.
 Error: `,c),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),o=i?.user,a=!o;if(i){let c=i.accounts.find(s=>s.providerId===r.providerId);if(c){let s=Object.fromEntries(Object.entries({accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt}).filter(([d,p])=>p!==void 0));Object.keys(s).length>0&&await e.context.internalAdapter.updateAccount(c.id,s)}else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return ue&&P.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:i.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(p){return P.error("Unable to link account",p),{error:"unable to link account",data:null}}o=await e.context.internalAdapter.updateUser(i.user.id,{...t,updatedAt:new Date})}}else if(o=await e.context.internalAdapter.createOAuthUser({...t,email:t.email.toLowerCase(),id:void 0},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(c=>c?.user),!t.emailVerified&&o&&e.context.options.emailVerification?.sendOnSignUp){let c=await j(e.context.secret,o.email),s=`${e.context.baseURL}/verify-email?token=${c}&callbackURL=${n}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:o,url:s,token:c},e.request)}if(!o)return{error:"unable to create user",data:null,isRegister:!1};let l=await e.context.internalAdapter.createSession(o.id,e.request);return l?{data:{session:l,user:o},error:null,isRegister:a}:{error:"unable to create session",data:null,isRegister:!1}}var yt=T("/sign-in/social",{method:"POST",query:x.object({currentURL:x.string().optional()}).optional(),body:x.object({callbackURL:x.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),newUserCallbackURL:x.string().optional(),errorCallbackURL:x.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:x.enum(ge,{description:"OAuth2 provider to use"}),disableRedirect:x.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:x.optional(x.object({token:x.string({description:"ID token from the provider"}),nonce:x.string({description:"Nonce used to generate the token"}).optional(),accessToken:x.string({description:"Access token from the provider"}).optional(),refreshToken:x.string({description:"Refresh token from the provider"}).optional(),expiresAt:x.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(o=>o.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new _("NOT_FOUND",{message:b.PROVIDER_NOT_FOUND});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new _("NOT_FOUND",{message:b.ID_TOKEN_NOT_SUPPORTED});let{token:o,nonce:a}=e.body.idToken;if(!await t.verifyIdToken(o,a))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new _("UNAUTHORIZED",{message:b.INVALID_TOKEN});let c=await t.getUserInfo({idToken:o,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!c||!c?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new _("UNAUTHORIZED",{message:b.FAILED_TO_GET_USER_INFO});if(!c.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new _("UNAUTHORIZED",{message:b.USER_EMAIL_NOT_FOUND});let s=await he(e,{userInfo:{email:c.user.email,id:c.user.id,name:c.user.name||"",image:c.user.image,emailVerified:c.user.emailVerified||!1},account:{providerId:t.id,accountId:c.user.id,accessToken:e.body.idToken.accessToken}});if(s.error)throw new _("UNAUTHORIZED",{message:s.error});return await I(e,s.data),e.json({session:s.data.session,user:s.data.user,url:void 0,redirect:!1})}let{codeVerifier:r,state:n}=await fe(e),i=await t.createAuthorizationURL({state:n,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!e.body.disableRedirect})}),wt=T("/sign-in/email",{method:"POST",body:x.object({email:x.string({description:"Email of the user"}),password:x.string({description:"Password of the user"}),callbackURL:x.string({description:"Callback URL to use as a redirect for email verification"}).optional(),rememberMe:x.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new _("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!x.string().email().safeParse(t).success)throw new _("BAD_REQUEST",{message:b.INVALID_EMAIL});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new _("UNAUTHORIZED",{message:b.INVALID_EMAIL_OR_PASSWORD});let o=i.accounts.find(s=>s.providerId==="credential");if(!o)throw e.context.logger.error("Credential account not found",{email:t}),new _("UNAUTHORIZED",{message:b.INVALID_EMAIL_OR_PASSWORD});let a=o?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new _("UNAUTHORIZED",{message:b.INVALID_EMAIL_OR_PASSWORD});if(!await e.context.password.verify({hash:a,password:r}))throw e.context.logger.error("Invalid password"),new _("UNAUTHORIZED",{message:b.INVALID_EMAIL_OR_PASSWORD});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new _("UNAUTHORIZED",{message:b.EMAIL_NOT_VERIFIED});let s=await j(e.context.secret,i.user.email),d=`${e.context.baseURL}/verify-email?token=${s}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:i.user,url:d,token:s},e.request),e.context.logger.error("Email not verified",{email:t}),new _("FORBIDDEN",{message:b.EMAIL_NOT_VERIFIED})}let c=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.rememberMe===!1);if(!c)throw e.context.logger.error("Failed to create session"),new _("UNAUTHORIZED",{message:b.FAILED_TO_CREATE_SESSION});return await I(e,{session:c,user:i.user},e.body.rememberMe===!1),e.json({user:{id:i.user.id,email:i.user.email,name:i.user.name,image:i.user.image,emailVerified:i.user.emailVerified,createdAt:i.user.createdAt,updatedAt:i.user.updatedAt},redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as ie}from"zod";var ye=ie.object({code:ie.string().optional(),error:ie.string().optional(),error_description:ie.string().optional(),state:ie.string().optional()}),At=T("/callback/:id",{method:["GET","POST"],body:ye.optional(),query:ye.optional(),metadata:Z},async e=>{let t;try{if(e.method==="GET")t=ye.parse(e.query);else if(e.method==="POST")t=ye.parse(e.body);else throw new Error("Unsupported method")}catch(y){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",y),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:n,state:i,error_description:o}=t;if(!i)throw e.context.logger.error("State not found",n),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${n||"no_code"}&error_description=${o}`);let a=e.context.socialProviders.find(y=>y.id===e.params.id);if(!a)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:l,callbackURL:c,link:s,errorURL:d,newUserURL:p}=await Ke(e),m;try{m=await a.validateAuthorizationCode({code:r,codeVerifier:l,redirectURI:`${e.context.baseURL}/callback/${a.id}`})}catch(y){throw e.context.logger.error("",y),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let u=await a.getUserInfo(m).then(y=>y?.user);function f(y){let R=d||c||`${e.context.baseURL}/error`;throw R.includes("?")?R=`${R}&error=${y}`:R=`${R}?error=${y}`,e.redirect(R)}if(!u)return e.context.logger.error("Unable to get user info"),f("unable_to_get_user_info");if(!u.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),f("email_not_found");if(!c)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(s){if(s.email!==u.email.toLowerCase())return f("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:s.userId,providerId:a.id,accountId:u.id}))return f("unable_to_link_account");let R;try{R=c.toString()}catch{R=c}throw e.redirect(R)}let g=await he(e,{userInfo:{...u,email:u.email,name:u.name||u.email},account:{providerId:a.id,accountId:u.id,...m,scope:m.scopes?.join(",")},callbackURL:c});if(g.error)return e.context.logger.error(g.error.split(" ").join("_")),f(g.error.split(" ").join("_"));let{session:w,user:h}=g.data;await I(e,{session:w,user:h});let A;try{A=(g.isRegister&&p||c).toString()}catch{A=g.isRegister&&p||c}throw e.redirect(A)});import"zod";import{APIError as Yr}from"better-call";var bt=T("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw F(e),new Yr("BAD_REQUEST",{message:b.FAILED_TO_GET_SESSION});return await e.context.internalAdapter.deleteSession(t),F(e),e.json({success:!0})});import{z as N}from"zod";import{APIError as oe}from"better-call";function Rt(e,t,r){let n=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,o])=>n.searchParams.set(i,o)),n.href}function Xr(e,t,r){let n=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,o])=>n.searchParams.set(i,o)),n.href}var kt=T("/forget-password",{method:"POST",body:N.object({email:N.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:N.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new oe("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,o=B(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i,"sec"),a=q(24);await e.context.internalAdapter.createVerificationValue({value:n.user.id.toString(),identifier:`reset-password:${a}`,expiresAt:o});let l=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:n.user,url:l,token:a},e.request),e.json({status:!0})}),Tt=T("/reset-password/:token",{method:"GET",query:N.object({callbackURL:N.string({description:"The URL to redirect the user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Rt(e.context,r,{error:"INVALID_TOKEN"}));let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(Rt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Xr(e.context,r,{token:t}))}),Et=T("/reset-password",{query:N.optional(N.object({token:N.string().optional(),currentURL:N.string().optional()})),method:"POST",body:N.object({newPassword:N.string({description:"The new password to set"}),token:N.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new oe("BAD_REQUEST",{message:b.INVALID_TOKEN});let{newPassword:r}=e.body,n=e.context.password?.config.minPasswordLength,i=e.context.password?.config.maxPasswordLength;if(r.length<n)throw new oe("BAD_REQUEST",{message:b.PASSWORD_TOO_SHORT});if(r.length>i)throw new oe("BAD_REQUEST",{message:b.PASSWORD_TOO_LONG});let o=`reset-password:${t}`,a=await e.context.internalAdapter.findVerificationValue(o);if(!a||a.expiresAt<new Date)throw new oe("BAD_REQUEST",{message:b.INVALID_TOKEN});await e.context.internalAdapter.deleteVerificationValue(a.id);let l=a.value,c=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(l)).find(p=>p.providerId==="credential")?(await e.context.internalAdapter.updatePassword(l,c),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:l,providerId:"credential",password:c,accountId:l}),e.json({status:!0}))});import{z as v}from"zod";import{APIError as O}from"better-call";import{z as k}from"zod";import{APIError as en}from"better-call";var la=k.object({id:k.string(),providerId:k.string(),accountId:k.string(),userId:k.string(),accessToken:k.string().nullish(),refreshToken:k.string().nullish(),idToken:k.string().nullish(),accessTokenExpiresAt:k.date().nullish(),refreshTokenExpiresAt:k.date().nullish(),scope:k.string().nullish(),password:k.string().nullish(),createdAt:k.date().default(()=>new Date),updatedAt:k.date().default(()=>new Date)}),pa=k.object({id:k.string(),email:k.string().transform(e=>e.toLowerCase()),emailVerified:k.boolean().default(!1),name:k.string(),image:k.string().nullish(),createdAt:k.date().default(()=>new Date),updatedAt:k.date().default(()=>new Date)}),fa=k.object({id:k.string(),userId:k.string(),expiresAt:k.date(),createdAt:k.date().default(()=>new Date),updatedAt:k.date().default(()=>new Date),token:k.string(),ipAddress:k.string().nullish(),userAgent:k.string().nullish()}),ma=k.object({id:k.string(),value:k.string(),createdAt:k.date().default(()=>new Date),updatedAt:k.date().default(()=>new Date),expiresAt:k.date(),identifier:k.string()});function Ut(e,t){let r=t.fields,n={};for(let i in e){let o=r[i];if(!o){n[i]=e[i];continue}o.returned!==!1&&(n[i]=e[i])}return n}function _e(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let n of e.plugins||[])n.schema&&n.schema[t]&&(r={...r,...n.schema[t].fields});return r}function Ie(e,t){let r=_e(e,"user");return Ut(t,{fields:r})}function we(e,t){let r=_e(e,"session");return Ut(t,{fields:r})}function tn(e,t){let r=t.action||"create",n=t.fields,i={};for(let o in n){if(o in e){if(n[o].input===!1){if(n[o].defaultValue){i[o]=n[o].defaultValue;continue}continue}if(n[o].validator?.input&&e[o]!==void 0){i[o]=n[o].validator.input.parse(e[o]);continue}if(n[o].transform?.input&&e[o]!==void 0){i[o]=n[o].transform?.input(e[o]);continue}i[o]=e[o];continue}if(n[o].defaultValue&&r==="create"){i[o]=n[o].defaultValue;continue}if(n[o].required&&r==="create")throw new en("BAD_REQUEST",{message:`${o} is required`})}return i}function Ae(e,t,r){let n=_e(e,"user");return tn(t||{},{fields:n,action:r})}import{xchacha20poly1305 as Ea}from"@noble/ciphers/chacha";import{bytesToHex as xa,hexToBytes as Oa,utf8ToBytes as va}from"@noble/ciphers/utils";import{managedNonce as _a}from"@noble/ciphers/webcrypto";import{sha256 as Pa}from"oslo/crypto";import Da from"uncrypto";import{decodeHex as rn,encodeHex as xt}from"oslo/encoding";import{scryptAsync as nn}from"@noble/hashes/scrypt";import{getRandomValues as on}from"uncrypto";var J={N:16384,r:16,p:1,dkLen:64};async function Ot(e,t){return await nn(e.normalize("NFKC"),t,{N:J.N,p:J.p,r:J.r,dkLen:J.dkLen,maxmem:128*J.N*J.r*2})}var vt=async e=>{let t=xt(on(new Uint8Array(16))),r=await Ot(e,t);return`${t}:${xt(r)}`},St=async({hash:e,password:t})=>{let[r,n]=e.split(":"),i=await Ot(t,r);return Ee(i,rn(n))};import _t from"uncrypto";function sn(e){return e.toString(2).padStart(8,"0")}function an(e){return[...e].map(t=>sn(t)).join("")}function It(e){return parseInt(an(e),2)}function dn(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,n=new Uint8Array(Math.ceil(t/8));_t.getRandomValues(n),r!==0&&(n[0]&=(1<<r)-1);let i=It(n);for(;i>=e;)_t.getRandomValues(n),r!==0&&(n[0]&=(1<<r)-1),i=It(n);return i}function Pt(e,t){let r="";for(let n=0;n<e;n++)r+=t[dn(t.length)];return r}function Lt(...e){let t=new Set(e),r="";for(let n of t)n==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":n==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":n==="0-9"?r+="0123456789":r+=n;return r}var Dt=()=>T("/update-user",{method:"POST",body:v.record(v.string(),v.any()),use:[C],metadata:{openapi:{description:"Update the current user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"}}}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"}}}}}}}}}},async e=>{let t=e.body;if(t.email)throw new O("BAD_REQUEST",{message:b.EMAIL_CAN_NOT_BE_UPDATED});let{name:r,image:n,...i}=t,o=e.context.session;if(n===void 0&&r===void 0&&Object.keys(i).length===0)return e.json({id:o.user.id,email:o.user.email,name:o.user.name,image:o.user.image,emailVerified:o.user.emailVerified,createdAt:o.user.createdAt,updatedAt:o.user.updatedAt});let a=Ae(e.context.options,i,"update"),l=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:r,image:n,...a});return await I(e,{session:o.session,user:l}),e.json({id:l.id,email:l.email,name:l.name,image:l.image,emailVerified:l.emailVerified,createdAt:l.createdAt,updatedAt:l.updatedAt})}),Ct=T("/change-password",{method:"POST",body:v.object({newPassword:v.string({description:"The new password to set"}),currentPassword:v.string({description:"The current password"}),revokeOtherSessions:v.boolean({description:"Revoke all other sessions"}).optional()}),use:[C],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:n}=e.body,i=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new O("BAD_REQUEST",{message:b.PASSWORD_TOO_SHORT});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new O("BAD_REQUEST",{message:b.PASSWORD_TOO_LONG});let c=(await e.context.internalAdapter.findAccounts(i.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!c||!c.password)throw new O("BAD_REQUEST",{message:b.CREDENTIAL_ACCOUNT_NOT_FOUND});let s=await e.context.password.hash(t);if(!await e.context.password.verify({hash:c.password,password:r}))throw new O("BAD_REQUEST",{message:b.INVALID_PASSWORD});if(await e.context.internalAdapter.updateAccount(c.id,{password:s}),n){await e.context.internalAdapter.deleteSessions(i.user.id);let p=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!p)throw new O("INTERNAL_SERVER_ERROR",{message:b.FAILED_TO_GET_SESSION});await I(e,{session:p,user:i.user})}return e.json(i.user)}),Nt=T("/set-password",{method:"POST",body:v.object({newPassword:v.string()}),metadata:{SERVER_ONLY:!0},use:[C]},async e=>{let{newPassword:t}=e.body,r=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new O("BAD_REQUEST",{message:b.PASSWORD_TOO_SHORT});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new O("BAD_REQUEST",{message:b.PASSWORD_TOO_LONG});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(c=>c.providerId==="credential"&&c.password),l=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:l}),e.json(r.user);throw new O("BAD_REQUEST",{message:"user already has a password"})}),Bt=T("/delete-user",{method:"POST",use:[ut],metadata:{openapi:{description:"Delete the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{if(!e.context.options.user?.deleteUser?.enabled)throw e.context.logger.error("Delete user is disabled. Enable it in the options",{session:e.context.session}),new O("NOT_FOUND");let t=e.context.session;if(e.context.options.user.deleteUser?.sendDeleteAccountVerification){let i=Pt(32,Lt("a-z","A-Z","0-9"));await e.context.internalAdapter.createVerificationValue({value:t.user.id,identifier:`delete-account-${i}`,expiresAt:new Date(Date.now()+1e3*60*60*24)});let o=`${e.context.baseURL}/delete-user/callback?token=${i}`;return await e.context.options.user.deleteUser.sendDeleteAccountVerification({user:t.user,url:o,token:i},e.request),e.json({success:!0,message:"Verification email sent"})}let r=e.context.options.user.deleteUser?.beforeDelete;r&&await r(t.user,e.request),await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),await e.context.internalAdapter.deleteAccounts(t.user.id),F(e);let n=e.context.options.user.deleteUser?.afterDelete;return n&&await n(t.user,e.request),e.json({success:!0,message:"User deleted"})}),Vt=T("/delete-user/callback",{method:"GET",query:v.object({token:v.string()})},async e=>{if(!e.context.options.user?.deleteUser?.enabled)throw e.context.logger.error("Delete user is disabled. Enable it in the options"),new O("NOT_FOUND");let t=await W(e);if(!t)throw new O("NOT_FOUND",{message:b.FAILED_TO_GET_USER_INFO});let r=await e.context.internalAdapter.findVerificationValue(`delete-account-${e.query.token}`);if(!r||r.expiresAt<new Date)throw r&&await e.context.internalAdapter.deleteVerificationValue(r.id),new O("NOT_FOUND",{message:b.INVALID_TOKEN});if(r.value!==t.user.id)throw new O("NOT_FOUND",{message:b.INVALID_TOKEN});let n=e.context.options.user.deleteUser?.beforeDelete;n&&await n(t.user,e.request),await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),await e.context.internalAdapter.deleteAccounts(t.user.id),await e.context.internalAdapter.deleteVerificationValue(r.id),F(e);let i=e.context.options.user.deleteUser?.afterDelete;return i&&await i(t.user,e.request),e.json({success:!0,message:"User deleted"})}),Ft=T("/change-email",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({newEmail:v.string({description:"The new email to set"}).email(),callbackURL:v.string({description:"The URL to redirect to after email verification"}).optional()}),use:[C],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new O("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new O("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new O("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new O("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await j(e.context.secret,e.context.session.user.email,e.body.newEmail),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:n,token:r},e.request),e.json({user:null,status:!0})});var cn=(e="Unknown")=>`<!DOCTYPE html>
 <html lang="en">
 <head>
@@ -80,4 +80,4 @@ Error: `,c),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
         <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
     </div>
 </body>
-</html>`,qt=T("/error",{method:"GET",metadata:{...Z,openapi:{description:"Displays an error page",responses:{200:{description:"Success",content:{"text/html":{schema:{type:"string"}}}}}}}},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(cn(t),{headers:{"Content-Type":"text/html"}})});var jt=T("/ok",{method:"GET",metadata:{...Z,openapi:{description:"Check if the API is working",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{ok:{type:"boolean"}}}}}}}}}},async e=>e.json({ok:!0}));import{z as Y}from"zod";import{APIError as z}from"better-call";var $t=()=>T("/sign-up/email",{method:"POST",query:Y.object({currentURL:Y.string().optional()}).optional(),body:Y.record(Y.string(),Y.any()),metadata:{openapi:{description:"Sign up a user using email and password",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},email:{type:"string",description:"The email of the user"},password:{type:"string",description:"The password of the user"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["name","email","password"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{id:{type:"string",description:"The id of the user"},email:{type:"string",description:"The email of the user"},name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"},emailVerified:{type:"boolean",description:"If the email is verified"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new z("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:n,password:i,image:o,callbackURL:a,...l}=t;if(!Y.string().email().safeParse(n).success)throw new z("BAD_REQUEST",{message:b.INVALID_EMAIL});let s=e.context.password.config.minPasswordLength;if(i.length<s)throw e.context.logger.error("Password is too short"),new z("BAD_REQUEST",{message:b.PASSWORD_TOO_SHORT});let d=e.context.password.config.maxPasswordLength;if(i.length>d)throw e.context.logger.error("Password is too long"),new z("BAD_REQUEST",{message:b.PASSWORD_TOO_LONG});if((await e.context.internalAdapter.findUserByEmail(n))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${n}`),new z("UNPROCESSABLE_ENTITY",{message:b.USER_ALREADY_EXISTS});let m=Ae(e.context.options,l),u;try{if(u=await e.context.internalAdapter.createUser({email:n.toLowerCase(),name:r,image:o,...m,emailVerified:!1}),!u)throw new z("BAD_REQUEST",{message:b.FAILED_TO_CREATE_USER})}catch(w){throw ue&&e.context.logger.error("Failed to create user",w),new z("UNPROCESSABLE_ENTITY",{message:b.FAILED_TO_CREATE_USER,details:w})}if(!u)throw new z("UNPROCESSABLE_ENTITY",{message:b.FAILED_TO_CREATE_USER});let f=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:u.id,providerId:"credential",accountId:u.id,password:f}),e.context.options.emailVerification?.sendOnSignUp){let w=await j(e.context.secret,u.email),h=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:u,url:h,token:w},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({id:u.id,email:u.email,name:u.name,image:u.image,emailVerified:u.emailVerified});let g=await e.context.internalAdapter.createSession(u.id,e.request);if(!g)throw new z("BAD_REQUEST",{message:b.FAILED_TO_CREATE_SESSION});return await I(e,{session:g,user:u}),e.json({id:u.id,email:u.email,name:u.name,image:u.image,emailVerified:u.emailVerified,createdAt:u.createdAt,updatedAt:u.updatedAt})});import{z as se}from"zod";import{APIError as Mt}from"better-call";var zt=T("/list-accounts",{method:"GET",use:[C],metadata:{openapi:{description:"List all accounts linked to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{id:{type:"string"},provider:{type:"string"}}}}}}}}}}},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(n=>({id:n.id,provider:n.providerId})))}),Ht=T("/link-social",{method:"POST",requireHeaders:!0,query:se.object({currentURL:se.string().optional()}).optional(),body:se.object({callbackURL:se.string({description:"The URL to redirect to after the user has signed in"}).optional(),provider:se.enum(ge,{description:"The OAuth2 provider to use"})}),use:[C],metadata:{openapi:{description:"Link a social account to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{url:{type:"string"},redirect:{type:"boolean"}},required:["url","redirect"]}}}}}}}},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(l=>l.providerId===e.body.provider))throw new Mt("BAD_REQUEST",{message:b.SOCIAL_ACCOUNT_ALREADY_LINKED});let i=e.context.socialProviders.find(l=>l.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new Mt("NOT_FOUND",{message:b.PROVIDER_NOT_FOUND});let o=await fe(e,{userId:t.user.id,email:t.user.email}),a=await i.createAuthorizationURL({state:o.state,codeVerifier:o.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:a.toString(),redirect:!0})});function be(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(Fe)return r;let i=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let a of i){let l=o.get(a);if(typeof l=="string"){let c=l.split(",")[0].trim();if(c)return c}}return null}function un(e,t,r){let n=Date.now(),i=t*1e3;return n-r.lastRequest<i&&r.count>=e}function ln(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function pn(e,t){let r=Date.now(),n=t*1e3;return Math.ceil((e+n-r)/1e3)}function fn(e,t){let r="rateLimit",n=e.adapter;return{get:async i=>(await n.findMany({model:r,where:[{field:"key",value:i}]}))[0],set:async(i,o,a)=>{try{a?await n.updateMany({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:o.count,lastRequest:o.lastRequest}}):await n.create({model:t??"rateLimit",data:{key:i,count:o.count,lastRequest:o.lastRequest}})}catch(l){e.logger.error("Error setting rate limit",l)}}}}var Gt=new Map;function mn(e){return e.options.rateLimit?.customStorage?e.options.rateLimit.customStorage:e.rateLimit.storage==="secondary-storage"?{get:async r=>{let n=await e.options.secondaryStorage?.get(r);return n?JSON.parse(n):void 0},set:async(r,n)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(n))}}:e.rateLimit.storage==="memory"?{async get(r){return Gt.get(r)},async set(r,n,i){Gt.set(r,n)}}:fn(e,e.rateLimit.modelName)}async function Wt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,n=e.url.replace(r,"").split("?")[0],i=t.rateLimit.window,o=t.rateLimit.max,a=be(e,t.options)+n,c=gn().find(m=>m.pathMatcher(n));c&&(i=c.window,o=c.max);for(let m of t.options.plugins||[])if(m.rateLimit){let u=m.rateLimit.find(f=>f.pathMatcher(n));if(u){i=u.window,o=u.max;break}}if(t.rateLimit.customRules){let m=Object.keys(t.rateLimit.customRules).find(u=>u.includes("*")?ae(u)(n):u===n);if(m){let u=t.rateLimit.customRules[m],f=typeof u=="function"?await u(e):u;f&&(i=f.window,o=f.max)}}let s=mn(t),d=await s.get(a),p=Date.now();if(!d)await s.set(a,{key:a,count:1,lastRequest:p});else{let m=p-d.lastRequest;if(un(o,i,d)){let u=pn(d.lastRequest,i);return ln(u)}else m>i*1e3?await s.set(a,{...d,count:1,lastRequest:p},!0):await s.set(a,{...d,count:d.count+1,lastRequest:p},!0)}}function gn(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}import Rn from"defu";import{APIError as ic}from"better-call";function Pe(e,t){let r=t.plugins?.reduce((l,c)=>({...l,...c.endpoints}),{}),n=t.plugins?.map(l=>l.middlewares?.map(c=>{let s=async d=>c.middleware({...d,context:{...e,...d.context}});return s.path=c.path,s.options=c.middleware.options,s.headers=c.middleware.headers,{path:c.path,middleware:s}})).filter(l=>l!==void 0).flat()||[],o={...{signInSocial:yt,callbackOAuth:At,getSession:Se(),signOut:bt,signUpEmail:$t(),signInEmail:wt,forgetPassword:kt,resetPassword:Et,verifyEmail:ht,sendVerificationEmail:gt,changeEmail:Ft,changePassword:Ct,setPassword:Nt,updateUser:Dt(),deleteUser:Bt,forgetPasswordCallback:Tt,listSessions:lt(),revokeSession:pt,revokeSessions:ft,revokeOtherSessions:mt,linkSocialAccount:Ht,listUserAccounts:zt,deleteUserCallback:Vt},...r,ok:jt,error:qt},a={};for(let[l,c]of Object.entries(o))a[l]=async(s={})=>{c.headers=new Headers;let d={setHeader(h,A){c.headers.set(h,A)},setCookie(h,A,y){An(c.headers,h,A,y)},getCookie(h,A){let R=s.headers?.get("cookie");return yn(R||"",h,A)},getSignedCookie(h,A,y){let R=s.headers;return R?wn(R,A,h,y):null},async setSignedCookie(h,A,y,R){await bn(c.headers,h,A,y,R)},redirect(h){return c.headers.set("Location",h),new K("FOUND")},responseHeader:c.headers},p=await e,m=null,u={...d,...s,path:c.path,context:{...p,...s.context,session:null,setNewSession:function(h){this.newSession=h,m=h}}},f=t.plugins||[];for(let h of f){let A=h.hooks?.before??[];for(let y of A){if(!y.matcher(u))continue;let R=await y.handler(u);if(R&&"context"in R){u=Rn(u,R.context);continue}if(R)return R}}let g;try{g=await c(u),m&&(u.context.newSession=m)}catch(h){if(m&&(u.context.newSession=m),h instanceof K){let A=t.plugins?.map(y=>{if(y.hooks?.after)return y.hooks.after}).filter(y=>y!==void 0).flat();if(!A?.length)throw h.headers=c.headers,h;u.context.returned=h,u.context.returned.headers=c.headers;for(let y of A||[])if(y.matcher(u))try{let S=await y.handler(u);S&&"response"in S&&(u.context.returned=S.response)}catch(S){if(S instanceof K){u.context.returned=S;continue}throw S}if(u.context.returned instanceof K)throw u.context.returned.headers=c.headers,u.context.returned;return u.context.returned}throw h}u.context.returned=g,u.responseHeader=c.headers;for(let h of t.plugins||[])if(h.hooks?.after){for(let A of h.hooks.after)if(A.matcher(u))try{let R=await A.handler(u);if(R)if("responseHeader"in R){let S=R.responseHeader;u.responseHeader=S}else u.context.returned=R}catch(R){if(R instanceof K){u.context.returned=R;continue}throw R}}let w=u.context.returned;return w instanceof Response&&c.headers.forEach((h,A)=>{A==="set-cookie"?w.headers.append(A,h):w.headers.set(A,h)}),w},a[l].path=c.path,a[l].method=c.method,a[l].options=c.options,a[l].headers=c.headers;return{api:a,middlewares:n}}var Kt=(e,t)=>{let{api:r,middlewares:n}=Pe(e,t),i=new URL(e.baseURL).pathname;return hn(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:Me},...n],async onRequest(o){for(let a of e.options.plugins||[])if(a.onRequest){let l=await a.onRequest(o,e);if(l&&"response"in l)return l.response}return Wt(o,e)},async onResponse(o){for(let a of e.options.plugins||[])if(a.onResponse){let l=await a.onResponse(o,e);if(l)return l.response}return o},onError(o){if(o instanceof K&&o.status==="FOUND")return;if(t.onAPIError?.throw)throw o;if(t.onAPIError?.onError){t.onAPIError.onError(o,e);return}let a=t.logger?.level,l=a==="error"||a==="warn"||a==="debug"?P:void 0;if(t.logger?.disabled!==!0){if(o&&typeof o=="object"&&"message"in o&&typeof o.message=="string"&&(o.message.includes("no column")||o.message.includes("column")||o.message.includes("relation")||o.message.includes("table")||o.message.includes("does not exist"))){e.logger?.error(o.message);return}o instanceof K?(o.status==="INTERNAL_SERVER_ERROR"&&e.logger.error(o.status,o),l?.error(o.message)):e.logger?.error(o&&typeof o=="object"&&"name"in o?o.name:"",o)}}})};import{defu as Un}from"defu";function Zt(e,t){let r=t.hooks;async function n(a,l,c){let s=a;for(let m of r||[]){let u=m[l]?.create?.before;if(u){let f=await u(a);if(f===!1)return null;typeof f=="object"&&"data"in f&&(s=f.data)}}let d=c?await c.fn(s):null,p=!c||c.executeMainFn?await e.create({model:l,data:s}):d;for(let m of r||[]){let u=m[l]?.create?.after;u&&await u(p)}return p}async function i(a,l,c,s){let d=a;for(let u of r||[]){let f=u[c]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;d=typeof g=="object"?g.data:g}}let p=s?await s.fn(d):null,m=!s||s.executeMainFn?await e.update({model:c,update:d,where:l}):p;for(let u of r||[]){let f=u[c]?.update?.after;f&&await f(m)}return m}async function o(a,l,c,s){let d=a;for(let u of r||[]){let f=u[c]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;d=typeof g=="object"?g.data:g}}let p=s?await s.fn(d):null,m=!s||s.executeMainFn?await e.updateMany({model:c,update:d,where:l}):p;for(let u of r||[]){let f=u[c]?.update?.after;f&&await f(m)}return m}return{createWithHooks:n,updateWithHooks:i,updateManyWithHooks:o}}var Le=(e,t)=>{let r=t.options,n=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,{createWithHooks:o,updateWithHooks:a,updateManyWithHooks:l}=Zt(e,t),c=async s=>{await n?.set(s.token,JSON.stringify({session:s.session,user:s.user}),s.session.expiresAt?Math.floor(((s.session.expiresAt instanceof Date?s.session.expiresAt.getTime():new Date(s.session.expiresAt).getTime())-Date.now())/1e3):i)};return{createOAuthUser:async(s,d)=>{try{let p=await o({createdAt:new Date,updatedAt:new Date,...s},"user"),m=await o({...d,userId:p.id||s.id,createdAt:new Date,updatedAt:new Date},"account");return{user:p,account:m}}catch(p){return console.log(p),null}},createUser:async s=>await o({createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s,email:s.email.toLowerCase()},"user"),createAccount:async s=>await o({createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>{if(n){let p=await n.get(`active-sessions-${s}`);if(!p)return[];let m=Q(p)||[],u=Date.now(),f=m.filter(w=>w.expiresAt>u),g=[];for(let w of f){let h=await n.get(w.token);if(h){let A=JSON.parse(h),y=we(t.options,{...A.session,expiresAt:new Date(A.session.expiresAt)});g.push(y)}}return g}return await e.findMany({model:"session",where:[{field:"userId",value:s}]})},listUsers:async(s,d,p,m)=>await e.findMany({model:"user",limit:s,offset:d,sortBy:p,where:m}),deleteUser:async s=>{await e.deleteMany({model:"session",where:[{field:"userId",value:s}]}),await e.deleteMany({model:"account",where:[{field:"userId",value:s}]}),await e.delete({model:"user",where:[{field:"id",value:s}]})},createSession:async(s,d,p,m)=>{let u=d instanceof Request?d.headers:d,{id:f,...g}=m||{},w={ipAddress:d&&be(d,t.options)||"",userAgent:u?.get("user-agent")||"",...g,expiresAt:p?B(60*60*24,"sec"):B(i,"sec"),userId:s,token:q(32),createdAt:new Date,updatedAt:new Date};return await o(w,"session",n?{fn:async()=>{let A=await e.findOne({model:"user",where:[{field:"id",value:s}]});n.set(w.token,JSON.stringify({session:w,user:A}),i);let y=await n.get(`active-sessions-${s}`),R=[],S=Date.now();return y&&(R=Q(y)||[],R=R.filter(ar=>ar.expiresAt>S)),R.push({token:w.token,expiresAt:S+i*1e3}),await n.set(`active-sessions-${s}`,JSON.stringify(R),i),w},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(n){let f=await n.get(s);if(f){let g=JSON.parse(f),w=we(t.options,{...g.session,expiresAt:new Date(g.session.expiresAt),createdAt:new Date(g.session.createdAt),updatedAt:new Date(g.session.updatedAt)}),h=Ie(t.options,{...g.user,createdAt:new Date(g.user.createdAt),updatedAt:new Date(g.user.updatedAt)});return{session:w,user:h}}}let d=await e.findOne({model:"session",where:[{value:s,field:"token"}]});if(!d)return null;let p=await e.findOne({model:"user",where:[{value:d.userId,field:"id"}]});if(!p)return null;let m=we(t.options,d),u=Ie(t.options,p);return n&&await c({token:s,user:u,session:m}),{session:m,user:u}},findSessions:async s=>{if(n){let u=[];for(let f of s){let g=await n.get(f);if(g){let w=JSON.parse(g),h={session:{...w.session,expiresAt:new Date(w.session.expiresAt)},user:{...w.user,createdAt:new Date(w.user.createdAt),updatedAt:new Date(w.user.updatedAt)}};u.push(h)}}return u}let d=await e.findMany({model:"session",where:[{field:"token",value:s,operator:"in"}]}),p=d.map(u=>u.userId);if(!p.length)return[];let m=await e.findMany({model:"user",where:[{field:"id",value:p,operator:"in"}]});return d.map(u=>{let f=m.find(g=>g.id===u.userId);return f?{session:u,user:f}:null})},updateSession:async(s,d)=>await a(d,[{field:"token",value:s}],"session",n?{async fn(m){let u=await n.get(s),f=null;if(u){let g=JSON.parse(u);return f={...g.session,...m},await c({token:s,user:g.user,session:f}),f}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(n){await n.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:"session",where:[{field:"token",value:s}]});return}await e.delete({model:"session",where:[{field:"token",value:s}]})},deleteAccounts:async s=>{await e.deleteMany({model:"account",where:[{field:"userId",value:s}]})},deleteSessions:async s=>{if(n){if(typeof s=="string"){let d=await n.get(`active-sessions-${s}`),p=d?Q(d):[];if(!p)return;for(let m of p)await n.delete(m.token)}else for(let d of s)await n.get(d)&&await n.delete(d);r.session?.storeSessionInDatabase&&await e.deleteMany({model:"session",where:[{field:Array.isArray(s)?"token":"userId",value:s,operator:Array.isArray(s)?"in":void 0}]});return}await e.deleteMany({model:"session",where:[{field:Array.isArray(s)?"token":"userId",value:s,operator:Array.isArray(s)?"in":void 0}]})},findUserByEmail:async(s,d)=>{let p=await e.findOne({model:"user",where:[{value:s.toLowerCase(),field:"email"}]});if(!p)return null;if(d?.includeAccounts){let m=await e.findMany({model:"account",where:[{value:p.id,field:"userId"}]});return{user:p,accounts:m}}return{user:p,accounts:[]}},findUserById:async s=>await e.findOne({model:"user",where:[{field:"id",value:s}]}),linkAccount:async s=>await o({...s,createdAt:new Date,updatedAt:new Date},"account"),updateUser:async(s,d)=>await a(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await a(d,[{field:"email",value:s}],"user"),updatePassword:async(s,d)=>{await l({password:d},[{field:"userId",value:s},{field:"providerId",value:"credential"}],"account")},findAccounts:async s=>await e.findMany({model:"account",where:[{field:"userId",value:s}]}),findAccount:async s=>await e.findOne({model:"account",where:[{field:"accountId",value:s}]}),findAccountByUserId:async s=>await e.findMany({model:"account",where:[{field:"userId",value:s}]}),updateAccount:async(s,d)=>await a(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await o({createdAt:new Date,updatedAt:new Date,...s},"verification"),findVerificationValue:async s=>(await e.findMany({model:"verification",where:[{field:"identifier",value:s}],sortBy:{field:"createdAt",direction:"desc"},limit:1}))[0],deleteVerificationValue:async s=>{await e.delete({model:"verification",where:[{field:"id",value:s}]})},deleteVerificationByIdentifier:async s=>{await e.delete({model:"verification",where:[{field:"identifier",value:s}]})},updateVerificationValue:async(s,d)=>await a(d,[{field:"id",value:s}],"verification")}};var H=e=>{let t=e.plugins?.reduce((c,s)=>{let d=s.schema;if(!d)return c;for(let[p,m]of Object.entries(d))c[p]={fields:{...c[p]?.fields,...m.fields},modelName:m.modelName||p};return c},{}),r=e.rateLimit?.storage==="database",n={rateLimit:{modelName:e.rateLimit?.modelName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:o,account:a,...l}=t||{};return{user:{modelName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{modelName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},token:{type:"string",required:!0,fieldName:e.session?.fields?.token||"token",unique:!0},createdAt:{type:"date",required:!0,fieldName:e.session?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.session?.fields?.updatedAt||"updatedAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...o?.fields,...e.session?.additionalFields},order:2},account:{modelName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},accessTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"accessTokenExpiresAt"},refreshTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"refreshTokenExpiresAt"},scope:{type:"string",required:!1,fieldName:e.account?.fields?.scope||"scope"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},createdAt:{type:"date",required:!0,fieldName:e.account?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.account?.fields?.updatedAt||"updatedAt"},...a?.fields},order:3},verification:{modelName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"},createdAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.updatedAt||"updatedAt"}},order:4},...l,...r?n:{}}};import{z as hc}from"zod";import{Kysely as Qt,MssqlDialect as kn}from"kysely";import{MysqlDialect as Jt,PostgresDialect as Yt,SqliteDialect as Xt}from"kysely";function er(e){if(!e)return null;if("dialect"in e)return er(e.dialect);if("createDriver"in e){if(e instanceof Xt)return"sqlite";if(e instanceof Jt)return"mysql";if(e instanceof Yt)return"postgres";if(e instanceof kn)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var De=async e=>{let t=e.database;if(!t)return{kysely:null,databaseType:null};if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new Qt({dialect:t.dialect}),databaseType:t.type};let r,n=er(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new Xt({database:t})),"getConnection"in t&&(r=new Jt(t)),"connect"in t&&(r=new Yt({pool:t})),{kysely:r?new Qt({dialect:r}):null,databaseType:n}};function Re(e,t,r){return r==="update"?e:e==null&&t.defaultValue?typeof t.defaultValue=="function"?t.defaultValue():t.defaultValue:e}var Tn=(e,t,r)=>{let n=H(t);function i(s,d){if(d==="id")return d;let p=n[s].fields[d];return p||console.log("Field not found",s,d),p.fieldName||d}function o(s,d,p){let{type:m="sqlite"}=r||{},u=n[d].fields[p];return u.type==="boolean"&&m==="sqlite"&&s!==null&&s!==void 0?s?1:0:u.type==="date"&&s&&s instanceof Date&&m==="sqlite"?s.toISOString():s}function a(s,d,p){let{type:m="sqlite"}=r||{},u=n[d].fields[p];return u.type==="boolean"&&m==="sqlite"&&s!==null?s===1:u.type==="date"&&s?new Date(s):s}function l(s){return n[s].modelName}let c=t?.advanced?.generateId===!1;return{transformInput(s,d,p){let m=c||p==="update"?{}:{id:t.advanced?.generateId?t.advanced.generateId({model:d}):s.id||q()},u=n[d].fields;for(let f in u){let g=s[f];m[u[f].fieldName||f]=Re(o(g,d,f),u[f],p)}return m},transformOutput(s,d,p=[]){if(!s)return null;let m=s.id?p.length===0||p.includes("id")?{id:s.id}:{}:{},u=n[d].fields;for(let f in u){if(p.length&&!p.includes(f))continue;let g=u[f];g&&(m[f]=a(s[g.fieldName||f],d,f))}return m},convertWhereClause(s,d){if(!d)return{and:null,or:null};let p={and:[],or:[]};return d.forEach(m=>{let{field:u,value:f,operator:g="=",connector:w="AND"}=m,h=i(s,u),A=y=>g.toLowerCase()==="in"?y(h,"in",Array.isArray(f)?f:[f]):g==="contains"?y(h,"like",`%${f}%`):g==="starts_with"?y(h,"like",`${f}%`):g==="ends_with"?y(h,"like",`%${f}`):g==="eq"?y(h,"=",f):g==="ne"?y(h,"<>",f):g==="gt"?y(h,">",f):g==="gte"?y(h,">=",f):g==="lt"?y(h,"<",f):g==="lte"?y(h,"<=",f):y(h,g,f);w==="OR"?p.or.push(A):p.and.push(A)}),{and:p.and.length?p.and:null,or:p.or.length?p.or:null}},async withReturning(s,d,p,m){let u;if(r?.type!=="mysql")u=await d.returningAll().executeTakeFirst();else{await d.execute();let f=s.id?"id":m[0].field?m[0].field:"id",g=s[f]||m[0].value;u=await e.selectFrom(l(p)).selectAll().where(i(p,f),"=",g).executeTakeFirst()}return u},getModelName:l,getField:i}},tr=(e,t)=>r=>{let{transformInput:n,withReturning:i,transformOutput:o,convertWhereClause:a,getModelName:l,getField:c}=Tn(e,r,t);return{id:"kysely",async create(s){let{model:d,data:p,select:m}=s,u=n(p,d,"create"),f=e.insertInto(l(d)).values(u);return o(await i(u,f,d,[]),d,m)},async findOne(s){let{model:d,where:p,select:m}=s,{and:u,or:f}=a(d,p),g=e.selectFrom(l(d)).selectAll();u&&(g=g.where(h=>h.and(u.map(A=>A(h))))),f&&(g=g.where(h=>h.or(f.map(A=>A(h)))));let w=await g.executeTakeFirst();return w?o(w,d,m):null},async findMany(s){let{model:d,where:p,limit:m,offset:u,sortBy:f}=s,{and:g,or:w}=a(d,p),h=e.selectFrom(l(d));g&&(h=h.where(y=>y.and(g.map(R=>R(y))))),w&&(h=h.where(y=>y.or(w.map(R=>R(y))))),h=h.limit(m||100),u&&(h=h.offset(u)),f&&(h=h.orderBy(c(d,f.field),f.direction));let A=await h.selectAll().execute();return A?A.map(y=>o(y,d)):[]},async update(s){let{model:d,where:p,update:m}=s,{and:u,or:f}=a(d,p),g=n(m,d,"update"),w=e.updateTable(l(d)).set(g);return u&&(w=w.where(A=>A.and(u.map(y=>y(A))))),f&&(w=w.where(A=>A.or(f.map(y=>y(A))))),await o(await i(g,w,d,p),d)},async updateMany(s){let{model:d,where:p,update:m}=s,{and:u,or:f}=a(d,p),g=n(m,d,"update"),w=e.updateTable(l(d)).set(g);return u&&(w=w.where(A=>A.and(u.map(y=>y(A))))),f&&(w=w.where(A=>A.or(f.map(y=>y(A))))),(await w.execute()).length},async delete(s){let{model:d,where:p}=s,{and:m,or:u}=a(d,p),f=e.deleteFrom(l(d));m&&(f=f.where(g=>g.and(m.map(w=>w(g))))),u&&(f=f.where(g=>g.or(u.map(w=>w(g))))),await f.execute()},async deleteMany(s){let{model:d,where:p}=s,{and:m,or:u}=a(d,p),f=e.deleteFrom(l(d));return m&&(f=f.where(g=>g.and(m.map(w=>w(g))))),u&&(f=f.where(g=>g.or(u.map(w=>w(g))))),(await f.execute()).length},options:t}};var En=e=>{let t=H(e);function r(n,i){return i==="id"?i:t[n].fields[i].fieldName||i}return{transformInput(n,i,o){let a=o==="update"?{}:{id:e.advanced?.generateId?e.advanced.generateId({model:i}):n.id||q()},l=t[i].fields;for(let c in l){let s=n[c];s===void 0&&!l[c].defaultValue||(a[l[c].fieldName||c]=Re(s,l[c],o))}return a},transformOutput(n,i,o=[]){if(!n)return null;let a=n.id||n._id?o.length===0||o.includes("id")?{id:n.id}:{}:{},l=t[i].fields;for(let c in l){if(o.length&&!o.includes(c))continue;let s=l[c];s&&(a[c]=n[s.fieldName||c])}return a},convertWhereClause(n,i,o){return i.filter(a=>n.every(l=>{let{field:c,value:s,operator:d}=l,p=r(o,c);if(d==="in"){if(!Array.isArray(s))throw new Error("Value must be an array");return s.includes(a[p])}else return d==="contains"?a[p].includes(s):d==="starts_with"?a[p].startsWith(s):d==="ends_with"?a[p].endsWith(s):a[p]===s}))},getField:r}},rr=e=>t=>{let{transformInput:r,transformOutput:n,convertWhereClause:i,getField:o}=En(t);return{id:"memory",create:async({model:a,data:l})=>{let c=r(l,a,"create");return e[a].push(c),n(c,a)},findOne:async({model:a,where:l,select:c})=>{let s=e[a],p=i(l,s,a)[0]||null;return n(p,a,c)},findMany:async({model:a,where:l,sortBy:c,limit:s,offset:d})=>{let p=e[a];return l&&(p=i(l,p,a)),c&&(p=p.sort((m,u)=>{let f=o(a,c.field);return c.direction==="asc"?m[f]>u[f]?1:-1:m[f]<u[f]?1:-1})),d!==void 0&&(p=p.slice(d)),s!==void 0&&(p=p.slice(0,s)),p.map(m=>n(m,a))},update:async({model:a,where:l,update:c})=>{let s=e[a],d=i(l,s,a);return d.forEach(p=>{Object.assign(p,r(c,a,"update"))}),n(d[0],a)},delete:async({model:a,where:l})=>{let c=e[a],s=i(l,c,a);e[a]=c.filter(d=>!s.includes(d))},deleteMany:async({model:a,where:l})=>{let c=e[a],s=i(l,c,a),d=0;return e[a]=c.filter(p=>s.includes(p)?(d++,!1):!s.includes(p)),d},updateMany(a){let{model:l,where:c,update:s}=a,d=e[l],p=i(c,d,l);return p.forEach(m=>{Object.assign(m,s)}),p[0]||null}}};async function nr(e){if(!e.database){let n=H(e),i=Object.keys(n).reduce((o,a)=>(o[a]=[],o),{});return P.warn("No database configuration provided. Using memory adapter in development"),rr(i)(e)}if(typeof e.database=="function")return e.database(e);let{kysely:t,databaseType:r}=await De(e);if(!t)throw new D("Failed to initialize database adapter");return tr(t,{type:r||"sqlite"})(e)}var Ce="better-auth-secret-123456789";import{APIError as ir}from"better-call";async function or(e,t){let n=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),i=n?.password;if(!n||!i||!t.body.password)throw new ir("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify({hash:i,password:t.body.password}))throw new ir("BAD_REQUEST",{message:"Invalid password"});return!0}var sr=async e=>{let t=await nr(e),r=e.plugins||[],n=On(e),i=me(e.logger),o=re(e.baseURL,e.basePath),a=e.secret||L.BETTER_AUTH_SECRET||L.AUTH_SECRET||Ce;a===Ce&&te&&i.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:o?new URL(o).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(n),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let l=He(e),c=H(e),s=Object.keys(e.socialProviders||{}).map(u=>{let f=e.socialProviders?.[u];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&i.warn(`Social provider ${u} is missing clientId or clientSecret`),ve[u](f))}).filter(u=>u!==null),d=({model:u,size:f})=>typeof e?.advanced?.generateId=="function"?e.advanced.generateId({model:u,size:f}):q(f),p={appName:e.appName||"Better Auth",socialProviders:s,options:e,tables:c,trustedOrigins:vn(e),baseURL:o||"",sessionConfig:{updateAge:e.session?.updateAge!==void 0?e.session.updateAge:24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7,freshAge:e.session?.freshAge||60*5},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??te,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||(e.secondaryStorage?"secondary-storage":"memory")},authCookies:l,logger:i,generateId:d,session:null,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||vt,verify:e.emailAndPassword?.password?.verify||St,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:or},setNewSession(u){this.newSession=u},newSession:null,adapter:t,internalAdapter:Le(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[],generateId:d}),createAuthCookie:Ue(e)},{context:m}=xn(p);return m};function xn(e){let t=e.options,r=t.plugins||[],n=e,i=[];for(let o of r)if(o.init){let a=o.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=Un(t,a.options)),a.context&&(n={...n,...a.context}))}return i.push(t.databaseHooks),n.internalAdapter=Le(e.adapter,{options:t,hooks:i.filter(o=>o!==void 0),generateId:e.generateId}),n.options=t,{context:n}}function On(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function vn(e){let t=re(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let n=L.BETTER_AUTH_TRUSTED_ORIGINS;return n&&r.push(...n.split(",")),r}var Ou=e=>{let t=sr(e),{api:r}=Pe(t,e),n=e.plugins?.reduce((i,o)=>o.$ERROR_CODES?{...i,...o.$ERROR_CODES}:i,{});return{handler:async i=>{let o=await t,a=o.options.basePath||"/api/auth",l=new URL(i.url);if(!o.options.baseURL){let s=re(void 0,a)||`${l.origin}${a}`;o.options.baseURL=s,o.baseURL=s}o.trustedOrigins=[...e.trustedOrigins||[],o.baseURL,l.origin];let{handler:c}=Kt(o,e);return c(i)},api:r,options:e,$context:t,$Infer:{},$ErrorCodes:{...n,...b}}};export{D as BetterAuthError,Z as HIDE_METADATA,qe as MissingDependencyError,Ou as betterAuth,ro as capitalizeFirstLetter,Ue as createCookieGetter,me as createLogger,F as deleteSessionCookie,q as generateId,fe as generateState,He as getCookies,xe as levels,P as logger,ri as parseCookies,Kn as parseSetCookieHeader,Ke as parseState,I as setSessionCookie,Dr as shouldPublishLog};
+</html>`,qt=T("/error",{method:"GET",metadata:{...Z,openapi:{description:"Displays an error page",responses:{200:{description:"Success",content:{"text/html":{schema:{type:"string"}}}}}}}},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(cn(t),{headers:{"Content-Type":"text/html"}})});var jt=T("/ok",{method:"GET",metadata:{...Z,openapi:{description:"Check if the API is working",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{ok:{type:"boolean"}}}}}}}}}},async e=>e.json({ok:!0}));import{z as Y}from"zod";import{APIError as z}from"better-call";var $t=()=>T("/sign-up/email",{method:"POST",query:Y.object({currentURL:Y.string().optional()}).optional(),body:Y.record(Y.string(),Y.any()),metadata:{openapi:{description:"Sign up a user using email and password",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},email:{type:"string",description:"The email of the user"},password:{type:"string",description:"The password of the user"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["name","email","password"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{id:{type:"string",description:"The id of the user"},email:{type:"string",description:"The email of the user"},name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"},emailVerified:{type:"boolean",description:"If the email is verified"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new z("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:n,password:i,image:o,callbackURL:a,...l}=t;if(!Y.string().email().safeParse(n).success)throw new z("BAD_REQUEST",{message:b.INVALID_EMAIL});let s=e.context.password.config.minPasswordLength;if(i.length<s)throw e.context.logger.error("Password is too short"),new z("BAD_REQUEST",{message:b.PASSWORD_TOO_SHORT});let d=e.context.password.config.maxPasswordLength;if(i.length>d)throw e.context.logger.error("Password is too long"),new z("BAD_REQUEST",{message:b.PASSWORD_TOO_LONG});if((await e.context.internalAdapter.findUserByEmail(n))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${n}`),new z("UNPROCESSABLE_ENTITY",{message:b.USER_ALREADY_EXISTS});let m=Ae(e.context.options,l),u;try{if(u=await e.context.internalAdapter.createUser({email:n.toLowerCase(),name:r,image:o,...m,emailVerified:!1}),!u)throw new z("BAD_REQUEST",{message:b.FAILED_TO_CREATE_USER})}catch(w){throw ue&&e.context.logger.error("Failed to create user",w),new z("UNPROCESSABLE_ENTITY",{message:b.FAILED_TO_CREATE_USER,details:w})}if(!u)throw new z("UNPROCESSABLE_ENTITY",{message:b.FAILED_TO_CREATE_USER});let f=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:u.id,providerId:"credential",accountId:u.id,password:f}),e.context.options.emailVerification?.sendOnSignUp){let w=await j(e.context.secret,u.email),h=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:u,url:h,token:w},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({id:u.id,email:u.email,name:u.name,image:u.image,emailVerified:u.emailVerified});let g=await e.context.internalAdapter.createSession(u.id,e.request);if(!g)throw new z("BAD_REQUEST",{message:b.FAILED_TO_CREATE_SESSION});return await I(e,{session:g,user:u}),e.json({id:u.id,email:u.email,name:u.name,image:u.image,emailVerified:u.emailVerified,createdAt:u.createdAt,updatedAt:u.updatedAt})});import{z as se}from"zod";import{APIError as Mt}from"better-call";var zt=T("/list-accounts",{method:"GET",use:[C],metadata:{openapi:{description:"List all accounts linked to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{id:{type:"string"},provider:{type:"string"}}}}}}}}}}},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(n=>({id:n.id,provider:n.providerId})))}),Ht=T("/link-social",{method:"POST",requireHeaders:!0,query:se.object({currentURL:se.string().optional()}).optional(),body:se.object({callbackURL:se.string({description:"The URL to redirect to after the user has signed in"}).optional(),provider:se.enum(ge,{description:"The OAuth2 provider to use"})}),use:[C],metadata:{openapi:{description:"Link a social account to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{url:{type:"string"},redirect:{type:"boolean"}},required:["url","redirect"]}}}}}}}},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(l=>l.providerId===e.body.provider))throw new Mt("BAD_REQUEST",{message:b.SOCIAL_ACCOUNT_ALREADY_LINKED});let i=e.context.socialProviders.find(l=>l.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new Mt("NOT_FOUND",{message:b.PROVIDER_NOT_FOUND});let o=await fe(e,{userId:t.user.id,email:t.user.email}),a=await i.createAuthorizationURL({state:o.state,codeVerifier:o.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:a.toString(),redirect:!0})});function be(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(Fe)return r;let i=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let a of i){let l=o.get(a);if(typeof l=="string"){let c=l.split(",")[0].trim();if(c)return c}}return null}function un(e,t,r){let n=Date.now(),i=t*1e3;return n-r.lastRequest<i&&r.count>=e}function ln(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function pn(e,t){let r=Date.now(),n=t*1e3;return Math.ceil((e+n-r)/1e3)}function fn(e,t){let r="rateLimit",n=e.adapter;return{get:async i=>(await n.findMany({model:r,where:[{field:"key",value:i}]}))[0],set:async(i,o,a)=>{try{a?await n.updateMany({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:o.count,lastRequest:o.lastRequest}}):await n.create({model:t??"rateLimit",data:{key:i,count:o.count,lastRequest:o.lastRequest}})}catch(l){e.logger.error("Error setting rate limit",l)}}}}var Gt=new Map;function mn(e){return e.options.rateLimit?.customStorage?e.options.rateLimit.customStorage:e.rateLimit.storage==="secondary-storage"?{get:async r=>{let n=await e.options.secondaryStorage?.get(r);return n?JSON.parse(n):void 0},set:async(r,n)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(n))}}:e.rateLimit.storage==="memory"?{async get(r){return Gt.get(r)},async set(r,n,i){Gt.set(r,n)}}:fn(e,e.rateLimit.modelName)}async function Wt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,n=e.url.replace(r,"").split("?")[0],i=t.rateLimit.window,o=t.rateLimit.max,a=be(e,t.options)+n,c=gn().find(m=>m.pathMatcher(n));c&&(i=c.window,o=c.max);for(let m of t.options.plugins||[])if(m.rateLimit){let u=m.rateLimit.find(f=>f.pathMatcher(n));if(u){i=u.window,o=u.max;break}}if(t.rateLimit.customRules){let m=Object.keys(t.rateLimit.customRules).find(u=>u.includes("*")?ae(u)(n):u===n);if(m){let u=t.rateLimit.customRules[m],f=typeof u=="function"?await u(e):u;f&&(i=f.window,o=f.max)}}let s=mn(t),d=await s.get(a),p=Date.now();if(!d)await s.set(a,{key:a,count:1,lastRequest:p});else{let m=p-d.lastRequest;if(un(o,i,d)){let u=pn(d.lastRequest,i);return ln(u)}else m>i*1e3?await s.set(a,{...d,count:1,lastRequest:p},!0):await s.set(a,{...d,count:d.count+1,lastRequest:p},!0)}}function gn(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}import Rn from"defu";import{APIError as ic}from"better-call";function Pe(e,t){let r=t.plugins?.reduce((l,c)=>({...l,...c.endpoints}),{}),n=t.plugins?.map(l=>l.middlewares?.map(c=>{let s=async d=>c.middleware({...d,context:{...e,...d.context}});return s.path=c.path,s.options=c.middleware.options,s.headers=c.middleware.headers,{path:c.path,middleware:s}})).filter(l=>l!==void 0).flat()||[],o={...{signInSocial:yt,callbackOAuth:At,getSession:Se(),signOut:bt,signUpEmail:$t(),signInEmail:wt,forgetPassword:kt,resetPassword:Et,verifyEmail:ht,sendVerificationEmail:gt,changeEmail:Ft,changePassword:Ct,setPassword:Nt,updateUser:Dt(),deleteUser:Bt,forgetPasswordCallback:Tt,listSessions:lt(),revokeSession:pt,revokeSessions:ft,revokeOtherSessions:mt,linkSocialAccount:Ht,listUserAccounts:zt,deleteUserCallback:Vt},...r,ok:jt,error:qt},a={};for(let[l,c]of Object.entries(o))a[l]=async(s={})=>{c.headers=new Headers;let d={setHeader(h,A){c.headers.set(h,A)},setCookie(h,A,y){An(c.headers,h,A,y)},getCookie(h,A){let R=s.headers?.get("cookie");return yn(R||"",h,A)},getSignedCookie(h,A,y){let R=s.headers;return R?wn(R,A,h,y):null},async setSignedCookie(h,A,y,R){await bn(c.headers,h,A,y,R)},redirect(h){return c.headers.set("Location",h),new K("FOUND")},responseHeader:c.headers},p=await e,m=null,u={...d,...s,path:c.path,context:{...p,...s.context,session:null,setNewSession:function(h){this.newSession=h,m=h}}},f=t.plugins||[];for(let h of f){let A=h.hooks?.before??[];for(let y of A){if(!y.matcher(u))continue;let R=await y.handler(u);if(R&&"context"in R){u=Rn(u,R.context);continue}if(R)return R}}let g;try{g=await c(u),m&&(u.context.newSession=m)}catch(h){if(m&&(u.context.newSession=m),h instanceof K){let A=t.plugins?.map(y=>{if(y.hooks?.after)return y.hooks.after}).filter(y=>y!==void 0).flat();if(!A?.length)throw h.headers=c.headers,h;u.context.returned=h,u.context.returned.headers=c.headers;for(let y of A||[])if(y.matcher(u))try{let S=await y.handler(u);S&&"response"in S&&(u.context.returned=S.response)}catch(S){if(S instanceof K){u.context.returned=S;continue}throw S}if(u.context.returned instanceof K)throw u.context.returned.headers=c.headers,u.context.returned;return u.context.returned}throw h}u.context.returned=g,u.responseHeader=c.headers;for(let h of t.plugins||[])if(h.hooks?.after){for(let A of h.hooks.after)if(A.matcher(u))try{let R=await A.handler(u);if(R)if("responseHeader"in R){let S=R.responseHeader;u.responseHeader=S}else u.context.returned=R}catch(R){if(R instanceof K){u.context.returned=R;continue}throw R}}let w=u.context.returned;return w instanceof Response&&c.headers.forEach((h,A)=>{A==="set-cookie"?w.headers.append(A,h):w.headers.set(A,h)}),w},a[l].path=c.path,a[l].method=c.method,a[l].options=c.options,a[l].headers=c.headers;return{api:a,middlewares:n}}var Kt=(e,t)=>{let{api:r,middlewares:n}=Pe(e,t),i=new URL(e.baseURL).pathname;return hn(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:Me},...n],async onRequest(o){for(let a of e.options.plugins||[])if(a.onRequest){let l=await a.onRequest(o,e);if(l&&"response"in l)return l.response}return Wt(o,e)},async onResponse(o){for(let a of e.options.plugins||[])if(a.onResponse){let l=await a.onResponse(o,e);if(l)return l.response}return o},onError(o){if(o instanceof K&&o.status==="FOUND")return;if(t.onAPIError?.throw)throw o;if(t.onAPIError?.onError){t.onAPIError.onError(o,e);return}let a=t.logger?.level,l=a==="error"||a==="warn"||a==="debug"?P:void 0;if(t.logger?.disabled!==!0){if(o&&typeof o=="object"&&"message"in o&&typeof o.message=="string"&&(o.message.includes("no column")||o.message.includes("column")||o.message.includes("relation")||o.message.includes("table")||o.message.includes("does not exist"))){e.logger?.error(o.message);return}o instanceof K?(o.status==="INTERNAL_SERVER_ERROR"&&e.logger.error(o.status,o),l?.error(o.message)):e.logger?.error(o&&typeof o=="object"&&"name"in o?o.name:"",o)}}})};import{defu as Un}from"defu";function Zt(e,t){let r=t.hooks;async function n(a,l,c){let s=a;for(let m of r||[]){let u=m[l]?.create?.before;if(u){let f=await u(a);if(f===!1)return null;typeof f=="object"&&"data"in f&&(s=f.data)}}let d=c?await c.fn(s):null,p=!c||c.executeMainFn?await e.create({model:l,data:s}):d;for(let m of r||[]){let u=m[l]?.create?.after;u&&await u(p)}return p}async function i(a,l,c,s){let d=a;for(let u of r||[]){let f=u[c]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;d=typeof g=="object"?g.data:g}}let p=s?await s.fn(d):null,m=!s||s.executeMainFn?await e.update({model:c,update:d,where:l}):p;for(let u of r||[]){let f=u[c]?.update?.after;f&&await f(m)}return m}async function o(a,l,c,s){let d=a;for(let u of r||[]){let f=u[c]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;d=typeof g=="object"?g.data:g}}let p=s?await s.fn(d):null,m=!s||s.executeMainFn?await e.updateMany({model:c,update:d,where:l}):p;for(let u of r||[]){let f=u[c]?.update?.after;f&&await f(m)}return m}return{createWithHooks:n,updateWithHooks:i,updateManyWithHooks:o}}var Le=(e,t)=>{let r=t.options,n=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,{createWithHooks:o,updateWithHooks:a,updateManyWithHooks:l}=Zt(e,t),c=async s=>{await n?.set(s.token,JSON.stringify({session:s.session,user:s.user}),s.session.expiresAt?Math.floor(((s.session.expiresAt instanceof Date?s.session.expiresAt.getTime():new Date(s.session.expiresAt).getTime())-Date.now())/1e3):i)};return{createOAuthUser:async(s,d)=>{try{let p=await o({createdAt:new Date,updatedAt:new Date,...s},"user"),m=await o({...d,userId:p.id||s.id,createdAt:new Date,updatedAt:new Date},"account");return{user:p,account:m}}catch(p){return console.log(p),null}},createUser:async s=>await o({createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s,email:s.email.toLowerCase()},"user"),createAccount:async s=>await o({createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>{if(n){let p=await n.get(`active-sessions-${s}`);if(!p)return[];let m=Q(p)||[],u=Date.now(),f=m.filter(w=>w.expiresAt>u),g=[];for(let w of f){let h=await n.get(w.token);if(h){let A=JSON.parse(h),y=we(t.options,{...A.session,expiresAt:new Date(A.session.expiresAt)});g.push(y)}}return g}return await e.findMany({model:"session",where:[{field:"userId",value:s}]})},listUsers:async(s,d,p,m)=>await e.findMany({model:"user",limit:s,offset:d,sortBy:p,where:m}),deleteUser:async s=>{await e.deleteMany({model:"session",where:[{field:"userId",value:s}]}),await e.deleteMany({model:"account",where:[{field:"userId",value:s}]}),await e.delete({model:"user",where:[{field:"id",value:s}]})},createSession:async(s,d,p,m)=>{let u=d instanceof Request?d.headers:d,{id:f,...g}=m||{},w={ipAddress:d&&be(d,t.options)||"",userAgent:u?.get("user-agent")||"",...g,expiresAt:p?B(60*60*24,"sec"):B(i,"sec"),userId:s,token:q(32),createdAt:new Date,updatedAt:new Date};return await o(w,"session",n?{fn:async()=>{let A=await e.findOne({model:"user",where:[{field:"id",value:s}]});n.set(w.token,JSON.stringify({session:w,user:A}),i);let y=await n.get(`active-sessions-${s}`),R=[],S=Date.now();return y&&(R=Q(y)||[],R=R.filter(ar=>ar.expiresAt>S)),R.push({token:w.token,expiresAt:S+i*1e3}),await n.set(`active-sessions-${s}`,JSON.stringify(R),i),w},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(n){let f=await n.get(s);if(f){let g=JSON.parse(f),w=we(t.options,{...g.session,expiresAt:new Date(g.session.expiresAt),createdAt:new Date(g.session.createdAt),updatedAt:new Date(g.session.updatedAt)}),h=Ie(t.options,{...g.user,createdAt:new Date(g.user.createdAt),updatedAt:new Date(g.user.updatedAt)});return{session:w,user:h}}}let d=await e.findOne({model:"session",where:[{value:s,field:"token"}]});if(!d)return null;let p=await e.findOne({model:"user",where:[{value:d.userId,field:"id"}]});if(!p)return null;let m=we(t.options,d),u=Ie(t.options,p);return n&&await c({token:s,user:u,session:m}),{session:m,user:u}},findSessions:async s=>{if(n){let u=[];for(let f of s){let g=await n.get(f);if(g){let w=JSON.parse(g),h={session:{...w.session,expiresAt:new Date(w.session.expiresAt)},user:{...w.user,createdAt:new Date(w.user.createdAt),updatedAt:new Date(w.user.updatedAt)}};u.push(h)}}return u}let d=await e.findMany({model:"session",where:[{field:"token",value:s,operator:"in"}]}),p=d.map(u=>u.userId);if(!p.length)return[];let m=await e.findMany({model:"user",where:[{field:"id",value:p,operator:"in"}]});return d.map(u=>{let f=m.find(g=>g.id===u.userId);return f?{session:u,user:f}:null})},updateSession:async(s,d)=>await a(d,[{field:"token",value:s}],"session",n?{async fn(m){let u=await n.get(s),f=null;if(u){let g=JSON.parse(u);return f={...g.session,...m},await c({token:s,user:g.user,session:f}),f}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(n){await n.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:"session",where:[{field:"token",value:s}]});return}await e.delete({model:"session",where:[{field:"token",value:s}]})},deleteAccounts:async s=>{await e.deleteMany({model:"account",where:[{field:"userId",value:s}]})},deleteSessions:async s=>{if(n){if(typeof s=="string"){let d=await n.get(`active-sessions-${s}`),p=d?Q(d):[];if(!p)return;for(let m of p)await n.delete(m.token)}else for(let d of s)await n.get(d)&&await n.delete(d);r.session?.storeSessionInDatabase&&await e.deleteMany({model:"session",where:[{field:Array.isArray(s)?"token":"userId",value:s,operator:Array.isArray(s)?"in":void 0}]});return}await e.deleteMany({model:"session",where:[{field:Array.isArray(s)?"token":"userId",value:s,operator:Array.isArray(s)?"in":void 0}]})},findUserByEmail:async(s,d)=>{let p=await e.findOne({model:"user",where:[{value:s.toLowerCase(),field:"email"}]});if(!p)return null;if(d?.includeAccounts){let m=await e.findMany({model:"account",where:[{value:p.id,field:"userId"}]});return{user:p,accounts:m}}return{user:p,accounts:[]}},findUserById:async s=>await e.findOne({model:"user",where:[{field:"id",value:s}]}),linkAccount:async s=>await o({...s,createdAt:new Date,updatedAt:new Date},"account"),updateUser:async(s,d)=>await a(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await a(d,[{field:"email",value:s}],"user"),updatePassword:async(s,d)=>{await l({password:d},[{field:"userId",value:s},{field:"providerId",value:"credential"}],"account")},findAccounts:async s=>await e.findMany({model:"account",where:[{field:"userId",value:s}]}),findAccount:async s=>await e.findOne({model:"account",where:[{field:"accountId",value:s}]}),findAccountByUserId:async s=>await e.findMany({model:"account",where:[{field:"userId",value:s}]}),updateAccount:async(s,d)=>await a(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await o({createdAt:new Date,updatedAt:new Date,...s},"verification"),findVerificationValue:async s=>(await e.findMany({model:"verification",where:[{field:"identifier",value:s}],sortBy:{field:"createdAt",direction:"desc"},limit:1}))[0],deleteVerificationValue:async s=>{await e.delete({model:"verification",where:[{field:"id",value:s}]})},deleteVerificationByIdentifier:async s=>{await e.delete({model:"verification",where:[{field:"identifier",value:s}]})},updateVerificationValue:async(s,d)=>await a(d,[{field:"id",value:s}],"verification")}};var H=e=>{let t=e.plugins?.reduce((c,s)=>{let d=s.schema;if(!d)return c;for(let[p,m]of Object.entries(d))c[p]={fields:{...c[p]?.fields,...m.fields},modelName:m.modelName||p};return c},{}),r=e.rateLimit?.storage==="database",n={rateLimit:{modelName:e.rateLimit?.modelName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:o,account:a,...l}=t||{};return{user:{modelName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{modelName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},token:{type:"string",required:!0,fieldName:e.session?.fields?.token||"token",unique:!0},createdAt:{type:"date",required:!0,fieldName:e.session?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.session?.fields?.updatedAt||"updatedAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...o?.fields,...e.session?.additionalFields},order:2},account:{modelName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},accessTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"accessTokenExpiresAt"},refreshTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"refreshTokenExpiresAt"},scope:{type:"string",required:!1,fieldName:e.account?.fields?.scope||"scope"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},createdAt:{type:"date",required:!0,fieldName:e.account?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.account?.fields?.updatedAt||"updatedAt"},...a?.fields},order:3},verification:{modelName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"},createdAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.updatedAt||"updatedAt"}},order:4},...l,...r?n:{}}};import{z as hc}from"zod";import{Kysely as Qt,MssqlDialect as kn}from"kysely";import{MysqlDialect as Jt,PostgresDialect as Yt,SqliteDialect as Xt}from"kysely";function er(e){if(!e)return null;if("dialect"in e)return er(e.dialect);if("createDriver"in e){if(e instanceof Xt)return"sqlite";if(e instanceof Jt)return"mysql";if(e instanceof Yt)return"postgres";if(e instanceof kn)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var De=async e=>{let t=e.database;if(!t)return{kysely:null,databaseType:null};if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new Qt({dialect:t.dialect}),databaseType:t.type};let r,n=er(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new Xt({database:t})),"getConnection"in t&&(r=new Jt(t)),"connect"in t&&(r=new Yt({pool:t})),{kysely:r?new Qt({dialect:r}):null,databaseType:n}};function Re(e,t,r){return r==="update"?e:e==null&&t.defaultValue?typeof t.defaultValue=="function"?t.defaultValue():t.defaultValue:e}var Tn=(e,t,r)=>{let n=H(t);function i(s,d){if(d==="id")return d;let p=n[s].fields[d];return p||console.log("Field not found",s,d),p.fieldName||d}function o(s,d,p){let{type:m="sqlite"}=r||{},u=n[d].fields[p];return u.type==="boolean"&&m==="sqlite"&&s!==null&&s!==void 0?s?1:0:u.type==="date"&&s&&s instanceof Date&&m==="sqlite"?s.toISOString():s}function a(s,d,p){let{type:m="sqlite"}=r||{},u=n[d].fields[p];return u.type==="boolean"&&m==="sqlite"&&s!==null?s===1:u.type==="date"&&s?new Date(s):s}function l(s){return n[s].modelName}let c=t?.advanced?.generateId===!1;return{transformInput(s,d,p){let m=c||p==="update"?{}:{id:t.advanced?.generateId?t.advanced.generateId({model:d}):s.id||q()},u=n[d].fields;for(let f in u){let g=s[f];m[u[f].fieldName||f]=Re(o(g,d,f),u[f],p)}return m},transformOutput(s,d,p=[]){if(!s)return null;let m=s.id?p.length===0||p.includes("id")?{id:s.id}:{}:{},u=n[d].fields;for(let f in u){if(p.length&&!p.includes(f))continue;let g=u[f];g&&(m[f]=a(s[g.fieldName||f],d,f))}return m},convertWhereClause(s,d){if(!d)return{and:null,or:null};let p={and:[],or:[]};return d.forEach(m=>{let{field:u,value:f,operator:g="=",connector:w="AND"}=m,h=i(s,u),A=y=>g.toLowerCase()==="in"?y(h,"in",Array.isArray(f)?f:[f]):g==="contains"?y(h,"like",`%${f}%`):g==="starts_with"?y(h,"like",`${f}%`):g==="ends_with"?y(h,"like",`%${f}`):g==="eq"?y(h,"=",f):g==="ne"?y(h,"<>",f):g==="gt"?y(h,">",f):g==="gte"?y(h,">=",f):g==="lt"?y(h,"<",f):g==="lte"?y(h,"<=",f):y(h,g,f);w==="OR"?p.or.push(A):p.and.push(A)}),{and:p.and.length?p.and:null,or:p.or.length?p.or:null}},async withReturning(s,d,p,m){let u;if(r?.type!=="mysql")u=await d.returningAll().executeTakeFirst();else{await d.execute();let f=s.id?"id":m[0].field?m[0].field:"id",g=s[f]||m[0].value;u=await e.selectFrom(l(p)).selectAll().where(i(p,f),"=",g).executeTakeFirst()}return u},getModelName:l,getField:i}},tr=(e,t)=>r=>{let{transformInput:n,withReturning:i,transformOutput:o,convertWhereClause:a,getModelName:l,getField:c}=Tn(e,r,t);return{id:"kysely",async create(s){let{model:d,data:p,select:m}=s,u=n(p,d,"create"),f=e.insertInto(l(d)).values(u);return o(await i(u,f,d,[]),d,m)},async findOne(s){let{model:d,where:p,select:m}=s,{and:u,or:f}=a(d,p),g=e.selectFrom(l(d)).selectAll();u&&(g=g.where(h=>h.and(u.map(A=>A(h))))),f&&(g=g.where(h=>h.or(f.map(A=>A(h)))));let w=await g.executeTakeFirst();return w?o(w,d,m):null},async findMany(s){let{model:d,where:p,limit:m,offset:u,sortBy:f}=s,{and:g,or:w}=a(d,p),h=e.selectFrom(l(d));g&&(h=h.where(y=>y.and(g.map(R=>R(y))))),w&&(h=h.where(y=>y.or(w.map(R=>R(y))))),h=h.limit(m||100),u&&(h=h.offset(u)),f&&(h=h.orderBy(c(d,f.field),f.direction));let A=await h.selectAll().execute();return A?A.map(y=>o(y,d)):[]},async update(s){let{model:d,where:p,update:m}=s,{and:u,or:f}=a(d,p),g=n(m,d,"update"),w=e.updateTable(l(d)).set(g);return u&&(w=w.where(A=>A.and(u.map(y=>y(A))))),f&&(w=w.where(A=>A.or(f.map(y=>y(A))))),await o(await i(g,w,d,p),d)},async updateMany(s){let{model:d,where:p,update:m}=s,{and:u,or:f}=a(d,p),g=n(m,d,"update"),w=e.updateTable(l(d)).set(g);return u&&(w=w.where(A=>A.and(u.map(y=>y(A))))),f&&(w=w.where(A=>A.or(f.map(y=>y(A))))),(await w.execute()).length},async delete(s){let{model:d,where:p}=s,{and:m,or:u}=a(d,p),f=e.deleteFrom(l(d));m&&(f=f.where(g=>g.and(m.map(w=>w(g))))),u&&(f=f.where(g=>g.or(u.map(w=>w(g))))),await f.execute()},async deleteMany(s){let{model:d,where:p}=s,{and:m,or:u}=a(d,p),f=e.deleteFrom(l(d));return m&&(f=f.where(g=>g.and(m.map(w=>w(g))))),u&&(f=f.where(g=>g.or(u.map(w=>w(g))))),(await f.execute()).length},options:t}};var En=e=>{let t=H(e);function r(n,i){return i==="id"?i:t[n].fields[i].fieldName||i}return{transformInput(n,i,o){let a=o==="update"?{}:{id:e.advanced?.generateId?e.advanced.generateId({model:i}):n.id||q()},l=t[i].fields;for(let c in l){let s=n[c];s===void 0&&!l[c].defaultValue||(a[l[c].fieldName||c]=Re(s,l[c],o))}return a},transformOutput(n,i,o=[]){if(!n)return null;let a=n.id||n._id?o.length===0||o.includes("id")?{id:n.id}:{}:{},l=t[i].fields;for(let c in l){if(o.length&&!o.includes(c))continue;let s=l[c];s&&(a[c]=n[s.fieldName||c])}return a},convertWhereClause(n,i,o){return i.filter(a=>n.every(l=>{let{field:c,value:s,operator:d}=l,p=r(o,c);if(d==="in"){if(!Array.isArray(s))throw new Error("Value must be an array");return s.includes(a[p])}else return d==="contains"?a[p].includes(s):d==="starts_with"?a[p].startsWith(s):d==="ends_with"?a[p].endsWith(s):a[p]===s}))},getField:r}},rr=e=>t=>{let{transformInput:r,transformOutput:n,convertWhereClause:i,getField:o}=En(t);return{id:"memory",create:async({model:a,data:l})=>{let c=r(l,a,"create");return e[a].push(c),n(c,a)},findOne:async({model:a,where:l,select:c})=>{let s=e[a],p=i(l,s,a)[0]||null;return n(p,a,c)},findMany:async({model:a,where:l,sortBy:c,limit:s,offset:d})=>{let p=e[a];return l&&(p=i(l,p,a)),c&&(p=p.sort((m,u)=>{let f=o(a,c.field);return c.direction==="asc"?m[f]>u[f]?1:-1:m[f]<u[f]?1:-1})),d!==void 0&&(p=p.slice(d)),s!==void 0&&(p=p.slice(0,s)),p.map(m=>n(m,a))},update:async({model:a,where:l,update:c})=>{let s=e[a],d=i(l,s,a);return d.forEach(p=>{Object.assign(p,r(c,a,"update"))}),n(d[0],a)},delete:async({model:a,where:l})=>{let c=e[a],s=i(l,c,a);e[a]=c.filter(d=>!s.includes(d))},deleteMany:async({model:a,where:l})=>{let c=e[a],s=i(l,c,a),d=0;return e[a]=c.filter(p=>s.includes(p)?(d++,!1):!s.includes(p)),d},updateMany(a){let{model:l,where:c,update:s}=a,d=e[l],p=i(c,d,l);return p.forEach(m=>{Object.assign(m,s)}),p[0]||null}}};async function nr(e){if(!e.database){let n=H(e),i=Object.keys(n).reduce((o,a)=>(o[a]=[],o),{});return P.warn("No database configuration provided. Using memory adapter in development"),rr(i)(e)}if(typeof e.database=="function")return e.database(e);let{kysely:t,databaseType:r}=await De(e);if(!t)throw new D("Failed to initialize database adapter");return tr(t,{type:r||"sqlite"})(e)}var Ce="better-auth-secret-123456789";import{APIError as ir}from"better-call";async function or(e,t){let n=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),i=n?.password;if(!n||!i||!t.body.password)throw new ir("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify({hash:i,password:t.body.password}))throw new ir("BAD_REQUEST",{message:"Invalid password"});return!0}var sr=async e=>{let t=await nr(e),r=e.plugins||[],n=On(e),i=me(e.logger),o=re(e.baseURL,e.basePath),a=e.secret||L.BETTER_AUTH_SECRET||L.AUTH_SECRET||Ce;a===Ce&&te&&i.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:o?new URL(o).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(n),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let l=He(e),c=H(e),s=Object.keys(e.socialProviders||{}).map(u=>{let f=e.socialProviders?.[u];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&i.warn(`Social provider ${u} is missing clientId or clientSecret`),ve[u](f))}).filter(u=>u!==null),d=({model:u,size:f})=>typeof e?.advanced?.generateId=="function"?e.advanced.generateId({model:u,size:f}):q(f),p={appName:e.appName||"Better Auth",socialProviders:s,options:e,tables:c,trustedOrigins:vn(e),baseURL:o||"",sessionConfig:{updateAge:e.session?.updateAge!==void 0?e.session.updateAge:24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7,freshAge:e.session?.freshAge===void 0?5*60:e.session.freshAge},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??te,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||(e.secondaryStorage?"secondary-storage":"memory")},authCookies:l,logger:i,generateId:d,session:null,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||vt,verify:e.emailAndPassword?.password?.verify||St,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:or},setNewSession(u){this.newSession=u},newSession:null,adapter:t,internalAdapter:Le(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[],generateId:d}),createAuthCookie:Ue(e)},{context:m}=xn(p);return m};function xn(e){let t=e.options,r=t.plugins||[],n=e,i=[];for(let o of r)if(o.init){let a=o.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=Un(t,a.options)),a.context&&(n={...n,...a.context}))}return i.push(t.databaseHooks),n.internalAdapter=Le(e.adapter,{options:t,hooks:i.filter(o=>o!==void 0),generateId:e.generateId}),n.options=t,{context:n}}function On(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function vn(e){let t=re(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let n=L.BETTER_AUTH_TRUSTED_ORIGINS;return n&&r.push(...n.split(",")),r}var Ou=e=>{let t=sr(e),{api:r}=Pe(t,e),n=e.plugins?.reduce((i,o)=>o.$ERROR_CODES?{...i,...o.$ERROR_CODES}:i,{});return{handler:async i=>{let o=await t,a=o.options.basePath||"/api/auth",l=new URL(i.url);if(!o.options.baseURL){let s=re(void 0,a)||`${l.origin}${a}`;o.options.baseURL=s,o.baseURL=s}o.trustedOrigins=[...e.trustedOrigins||[],o.baseURL,l.origin];let{handler:c}=Kt(o,e);return c(i)},api:r,options:e,$context:t,$Infer:{},$ErrorCodes:{...n,...b}}};export{D as BetterAuthError,Z as HIDE_METADATA,qe as MissingDependencyError,Ou as betterAuth,ro as capitalizeFirstLetter,Ue as createCookieGetter,me as createLogger,F as deleteSessionCookie,q as generateId,fe as generateState,He as getCookies,xe as levels,P as logger,ri as parseCookies,Kn as parseSetCookieHeader,Ke as parseState,I as setSessionCookie,Dr as shouldPublishLog};