better-auth 1.0.8-beta.1 → 1.0.8-beta.2

Files changed (65)
  1. package/dist/adapters/drizzle.d.cts +1 -1
  2. package/dist/adapters/drizzle.d.ts +1 -1
  3. package/dist/adapters/kysely.d.cts +1 -1
  4. package/dist/adapters/kysely.d.ts +1 -1
  5. package/dist/adapters/memory.d.cts +1 -1
  6. package/dist/adapters/memory.d.ts +1 -1
  7. package/dist/adapters/mongodb.d.cts +1 -1
  8. package/dist/adapters/mongodb.d.ts +1 -1
  9. package/dist/adapters/prisma.d.cts +1 -1
  10. package/dist/adapters/prisma.d.ts +1 -1
  11. package/dist/api.cjs +1 -1
  12. package/dist/api.d.cts +1 -1
  13. package/dist/api.d.ts +1 -1
  14. package/dist/api.js +1 -1
  15. package/dist/{auth-ClDmT5ez.d.cts → auth-DuzXr0Ie.d.cts} +15 -9
  16. package/dist/{auth-Cr3tLhNt.d.ts → auth-pJaOH2YO.d.ts} +15 -9
  17. package/dist/client/plugins.d.cts +3 -3
  18. package/dist/client/plugins.d.ts +3 -3
  19. package/dist/client.d.cts +1 -1
  20. package/dist/client.d.ts +1 -1
  21. package/dist/cookies.cjs +1 -1
  22. package/dist/cookies.d.cts +1 -1
  23. package/dist/cookies.d.ts +1 -1
  24. package/dist/cookies.js +1 -1
  25. package/dist/crypto.cjs +1 -1
  26. package/dist/crypto.d.cts +4 -1
  27. package/dist/crypto.d.ts +4 -1
  28. package/dist/crypto.js +1 -1
  29. package/dist/db.d.cts +2 -2
  30. package/dist/db.d.ts +2 -2
  31. package/dist/{index-DCj3aNJf.d.cts → index-Cl_Lo39o.d.cts} +2 -2
  32. package/dist/{index-uj60xRYw.d.ts → index-DZWZjuQQ.d.ts} +2 -2
  33. package/dist/index.cjs +2 -2
  34. package/dist/index.d.cts +2 -2
  35. package/dist/index.d.ts +2 -2
  36. package/dist/index.js +2 -2
  37. package/dist/next-js.cjs +1 -1
  38. package/dist/next-js.d.cts +1 -1
  39. package/dist/next-js.d.ts +1 -1
  40. package/dist/next-js.js +1 -1
  41. package/dist/node.d.cts +1 -1
  42. package/dist/node.d.ts +1 -1
  43. package/dist/oauth2.d.cts +2 -2
  44. package/dist/oauth2.d.ts +2 -2
  45. package/dist/plugins.cjs +1 -1
  46. package/dist/plugins.d.cts +4 -4
  47. package/dist/plugins.d.ts +4 -4
  48. package/dist/plugins.js +1 -1
  49. package/dist/react.d.cts +1 -1
  50. package/dist/react.d.ts +1 -1
  51. package/dist/solid-start.d.cts +1 -1
  52. package/dist/solid-start.d.ts +1 -1
  53. package/dist/solid.d.cts +1 -1
  54. package/dist/solid.d.ts +1 -1
  55. package/dist/{state-C_iyOSxr.d.cts → state-DM7Wud8_.d.cts} +1 -1
  56. package/dist/{state-CV4kV1Ul.d.ts → state-O5vBq4YU.d.ts} +1 -1
  57. package/dist/svelte-kit.d.cts +1 -1
  58. package/dist/svelte-kit.d.ts +1 -1
  59. package/dist/svelte.d.cts +1 -1
  60. package/dist/svelte.d.ts +1 -1
  61. package/dist/types.d.cts +2 -2
  62. package/dist/types.d.ts +2 -2
  63. package/dist/vue.d.cts +1 -1
  64. package/dist/vue.d.ts +1 -1
  65. package/package.json +1 -1
@@ -40,25 +40,25 @@ declare const accountSchema: z.ZodObject<{
40
40
  userId: string;
41
41
  createdAt: Date;
42
42
  updatedAt: Date;
43
+ password?: string | null | undefined;
43
44
  accessToken?: string | null | undefined;
44
45
  refreshToken?: string | null | undefined;
45
46
  idToken?: string | null | undefined;
46
47
  accessTokenExpiresAt?: Date | null | undefined;
47
48
  refreshTokenExpiresAt?: Date | null | undefined;
48
49
  scope?: string | null | undefined;
49
- password?: string | null | undefined;
50
50
  }, {
51
51
  id: string;
52
52
  providerId: string;
53
53
  accountId: string;
54
54
  userId: string;
55
+ password?: string | null | undefined;
55
56
  accessToken?: string | null | undefined;
56
57
  refreshToken?: string | null | undefined;
57
58
  idToken?: string | null | undefined;
58
59
  accessTokenExpiresAt?: Date | null | undefined;
59
60
  refreshTokenExpiresAt?: Date | null | undefined;
60
61
  scope?: string | null | undefined;
61
- password?: string | null | undefined;
62
62
  createdAt?: Date | undefined;
63
63
  updatedAt?: Date | undefined;
64
64
  }>;
@@ -865,7 +865,10 @@ interface BetterAuthOptions {
865
865
  */
866
866
  password?: {
867
867
  hash?: (password: string) => Promise<string>;
868
- verify?: (hash: string, password: string) => Promise<boolean>;
868
+ verify?: (data: {
869
+ hash: string;
870
+ password: string;
871
+ }) => Promise<boolean>;
869
872
  };
870
873
  /**
871
874
  * Automatically sign in the user after sign up
@@ -1297,13 +1300,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1297
1300
  userId: string;
1298
1301
  createdAt: Date;
1299
1302
  updatedAt: Date;
1303
+ password?: string | null | undefined;
1300
1304
  accessToken?: string | null | undefined;
1301
1305
  refreshToken?: string | null | undefined;
1302
1306
  idToken?: string | null | undefined;
1303
1307
  accessTokenExpiresAt?: Date | null | undefined;
1304
1308
  refreshTokenExpiresAt?: Date | null | undefined;
1305
1309
  scope?: string | null | undefined;
1306
- password?: string | null | undefined;
1307
1310
  }>;
1308
1311
  listSessions: (userId: string) => Promise<{
1309
1312
  id: string;
@@ -1368,13 +1371,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1368
1371
  userId: string;
1369
1372
  createdAt: Date;
1370
1373
  updatedAt: Date;
1374
+ password?: string | null | undefined;
1371
1375
  accessToken?: string | null | undefined;
1372
1376
  refreshToken?: string | null | undefined;
1373
1377
  idToken?: string | null | undefined;
1374
1378
  accessTokenExpiresAt?: Date | null | undefined;
1375
1379
  refreshTokenExpiresAt?: Date | null | undefined;
1376
1380
  scope?: string | null | undefined;
1377
- password?: string | null | undefined;
1378
1381
  }[];
1379
1382
  } | null>;
1380
1383
  findUserById: (userId: string) => Promise<{
@@ -1397,13 +1400,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1397
1400
  userId: string;
1398
1401
  createdAt: Date;
1399
1402
  updatedAt: Date;
1403
+ password?: string | null | undefined;
1400
1404
  accessToken?: string | null | undefined;
1401
1405
  refreshToken?: string | null | undefined;
1402
1406
  idToken?: string | null | undefined;
1403
1407
  accessTokenExpiresAt?: Date | null | undefined;
1404
1408
  refreshTokenExpiresAt?: Date | null | undefined;
1405
1409
  scope?: string | null | undefined;
1406
- password?: string | null | undefined;
1407
1410
  }[]>;
1408
1411
  findAccount: (accountId: string) => Promise<{
1409
1412
  id: string;
@@ -1412,13 +1415,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1412
1415
  userId: string;
1413
1416
  createdAt: Date;
1414
1417
  updatedAt: Date;
1418
+ password?: string | null | undefined;
1415
1419
  accessToken?: string | null | undefined;
1416
1420
  refreshToken?: string | null | undefined;
1417
1421
  idToken?: string | null | undefined;
1418
1422
  accessTokenExpiresAt?: Date | null | undefined;
1419
1423
  refreshTokenExpiresAt?: Date | null | undefined;
1420
1424
  scope?: string | null | undefined;
1421
- password?: string | null | undefined;
1422
1425
  } | null>;
1423
1426
  findAccountByUserId: (userId: string) => Promise<{
1424
1427
  id: string;
@@ -1427,13 +1430,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1427
1430
  userId: string;
1428
1431
  createdAt: Date;
1429
1432
  updatedAt: Date;
1433
+ password?: string | null | undefined;
1430
1434
  accessToken?: string | null | undefined;
1431
1435
  refreshToken?: string | null | undefined;
1432
1436
  idToken?: string | null | undefined;
1433
1437
  accessTokenExpiresAt?: Date | null | undefined;
1434
1438
  refreshTokenExpiresAt?: Date | null | undefined;
1435
1439
  scope?: string | null | undefined;
1436
- password?: string | null | undefined;
1437
1440
  }[]>;
1438
1441
  updateAccount: (accountId: string, data: Partial<Account>) => Promise<any>;
1439
1442
  createVerificationValue: (data: Omit<Verification, "createdAt" | "id" | "updatedAt"> & Partial<Verification>) => Promise<{
@@ -1560,7 +1563,10 @@ type AuthContext = {
1560
1563
  secondaryStorage: SecondaryStorage | undefined;
1561
1564
  password: {
1562
1565
  hash: (password: string) => Promise<string>;
1563
- verify: (password: string, hash: string) => Promise<boolean>;
1566
+ verify: (data: {
1567
+ password: string;
1568
+ hash: string;
1569
+ }) => Promise<boolean>;
1564
1570
  config: {
1565
1571
  minPasswordLength: number;
1566
1572
  maxPasswordLength: number;
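Review bot: The `verify` member of `BetterAuthOptions.password` (hunk at -865) and of `AuthContext.password` (hunk at -1560) now takes a single `{ hash, password }` object but carries no doc comment, and a custom verifier written in plain JavaScript against the old `(hash, password)` form gets no compile-time signal. Such a function would presumably receive the object as its first argument and `undefined` as its second, so how it fails depends on the implementation; confirm that it rejects the login rather than throwing or accepting. I would add a TSDoc line above the member in the source that generates this declaration, e.g. `/** Receives { hash, password }: the stored hash and the plaintext candidate; must resolve to false on malformed input. */`, and list the change as breaking in the release notes. The removed declarations also disagreed on argument order (`hash, password` in the options, `password, hash` in the context), which is worth recording as the reason for the object form. The same point applies to the identical `.d.ts` section that follows; both types continue outside the hunks shown.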
@@ -40,25 +40,25 @@ declare const accountSchema: z.ZodObject<{
40
40
  userId: string;
41
41
  createdAt: Date;
42
42
  updatedAt: Date;
43
+ password?: string | null | undefined;
43
44
  accessToken?: string | null | undefined;
44
45
  refreshToken?: string | null | undefined;
45
46
  idToken?: string | null | undefined;
46
47
  accessTokenExpiresAt?: Date | null | undefined;
47
48
  refreshTokenExpiresAt?: Date | null | undefined;
48
49
  scope?: string | null | undefined;
49
- password?: string | null | undefined;
50
50
  }, {
51
51
  id: string;
52
52
  providerId: string;
53
53
  accountId: string;
54
54
  userId: string;
55
+ password?: string | null | undefined;
55
56
  accessToken?: string | null | undefined;
56
57
  refreshToken?: string | null | undefined;
57
58
  idToken?: string | null | undefined;
58
59
  accessTokenExpiresAt?: Date | null | undefined;
59
60
  refreshTokenExpiresAt?: Date | null | undefined;
60
61
  scope?: string | null | undefined;
61
- password?: string | null | undefined;
62
62
  createdAt?: Date | undefined;
63
63
  updatedAt?: Date | undefined;
64
64
  }>;
@@ -865,7 +865,10 @@ interface BetterAuthOptions {
865
865
  */
866
866
  password?: {
867
867
  hash?: (password: string) => Promise<string>;
868
- verify?: (hash: string, password: string) => Promise<boolean>;
868
+ verify?: (data: {
869
+ hash: string;
870
+ password: string;
871
+ }) => Promise<boolean>;
869
872
  };
870
873
  /**
871
874
  * Automatically sign in the user after sign up
@@ -1297,13 +1300,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1297
1300
  userId: string;
1298
1301
  createdAt: Date;
1299
1302
  updatedAt: Date;
1303
+ password?: string | null | undefined;
1300
1304
  accessToken?: string | null | undefined;
1301
1305
  refreshToken?: string | null | undefined;
1302
1306
  idToken?: string | null | undefined;
1303
1307
  accessTokenExpiresAt?: Date | null | undefined;
1304
1308
  refreshTokenExpiresAt?: Date | null | undefined;
1305
1309
  scope?: string | null | undefined;
1306
- password?: string | null | undefined;
1307
1310
  }>;
1308
1311
  listSessions: (userId: string) => Promise<{
1309
1312
  id: string;
@@ -1368,13 +1371,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1368
1371
  userId: string;
1369
1372
  createdAt: Date;
1370
1373
  updatedAt: Date;
1374
+ password?: string | null | undefined;
1371
1375
  accessToken?: string | null | undefined;
1372
1376
  refreshToken?: string | null | undefined;
1373
1377
  idToken?: string | null | undefined;
1374
1378
  accessTokenExpiresAt?: Date | null | undefined;
1375
1379
  refreshTokenExpiresAt?: Date | null | undefined;
1376
1380
  scope?: string | null | undefined;
1377
- password?: string | null | undefined;
1378
1381
  }[];
1379
1382
  } | null>;
1380
1383
  findUserById: (userId: string) => Promise<{
@@ -1397,13 +1400,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1397
1400
  userId: string;
1398
1401
  createdAt: Date;
1399
1402
  updatedAt: Date;
1403
+ password?: string | null | undefined;
1400
1404
  accessToken?: string | null | undefined;
1401
1405
  refreshToken?: string | null | undefined;
1402
1406
  idToken?: string | null | undefined;
1403
1407
  accessTokenExpiresAt?: Date | null | undefined;
1404
1408
  refreshTokenExpiresAt?: Date | null | undefined;
1405
1409
  scope?: string | null | undefined;
1406
- password?: string | null | undefined;
1407
1410
  }[]>;
1408
1411
  findAccount: (accountId: string) => Promise<{
1409
1412
  id: string;
@@ -1412,13 +1415,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1412
1415
  userId: string;
1413
1416
  createdAt: Date;
1414
1417
  updatedAt: Date;
1418
+ password?: string | null | undefined;
1415
1419
  accessToken?: string | null | undefined;
1416
1420
  refreshToken?: string | null | undefined;
1417
1421
  idToken?: string | null | undefined;
1418
1422
  accessTokenExpiresAt?: Date | null | undefined;
1419
1423
  refreshTokenExpiresAt?: Date | null | undefined;
1420
1424
  scope?: string | null | undefined;
1421
- password?: string | null | undefined;
1422
1425
  } | null>;
1423
1426
  findAccountByUserId: (userId: string) => Promise<{
1424
1427
  id: string;
@@ -1427,13 +1430,13 @@ declare const createInternalAdapter: (adapter: Adapter, ctx: {
1427
1430
  userId: string;
1428
1431
  createdAt: Date;
1429
1432
  updatedAt: Date;
1433
+ password?: string | null | undefined;
1430
1434
  accessToken?: string | null | undefined;
1431
1435
  refreshToken?: string | null | undefined;
1432
1436
  idToken?: string | null | undefined;
1433
1437
  accessTokenExpiresAt?: Date | null | undefined;
1434
1438
  refreshTokenExpiresAt?: Date | null | undefined;
1435
1439
  scope?: string | null | undefined;
1436
- password?: string | null | undefined;
1437
1440
  }[]>;
1438
1441
  updateAccount: (accountId: string, data: Partial<Account>) => Promise<any>;
1439
1442
  createVerificationValue: (data: Omit<Verification, "createdAt" | "id" | "updatedAt"> & Partial<Verification>) => Promise<{
@@ -1560,7 +1563,10 @@ type AuthContext = {
1560
1563
  secondaryStorage: SecondaryStorage | undefined;
1561
1564
  password: {
1562
1565
  hash: (password: string) => Promise<string>;
1563
- verify: (password: string, hash: string) => Promise<boolean>;
1566
+ verify: (data: {
1567
+ password: string;
1568
+ hash: string;
1569
+ }) => Promise<boolean>;
1564
1570
  config: {
1565
1571
  minPasswordLength: number;
1566
1572
  maxPasswordLength: number;
@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
2
2
  import { AccessControl, StatementsPrimitive, Role } from '../plugins/access.cjs';
3
3
  import * as _better_fetch_fetch from '@better-fetch/fetch';
4
4
  import { BetterFetchOption } from '@better-fetch/fetch';
5
- import { o as organization, q as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, f as anonymous, i as admin, j as genericOAuth, k as jwt, l as multiSession, n as emailOTP } from '../index-DCj3aNJf.cjs';
6
- export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-DCj3aNJf.cjs';
5
+ import { o as organization, q as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, f as anonymous, i as admin, j as genericOAuth, k as jwt, l as multiSession, n as emailOTP } from '../index-Cl_Lo39o.cjs';
6
+ export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-Cl_Lo39o.cjs';
7
7
  import { P as Prettify } from '../helper-DxMBi7M2.cjs';
8
- import { F as FieldAttribute, B as BetterAuthOptions, j as BetterAuthPlugin } from '../auth-ClDmT5ez.cjs';
8
+ import { F as FieldAttribute, B as BetterAuthOptions, j as BetterAuthPlugin } from '../auth-DuzXr0Ie.cjs';
9
9
  import { Store } from '../types.cjs';
10
10
  import 'zod';
11
11
  import 'better-call';
@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
2
2
  import { AccessControl, StatementsPrimitive, Role } from '../plugins/access.js';
3
3
  import * as _better_fetch_fetch from '@better-fetch/fetch';
4
4
  import { BetterFetchOption } from '@better-fetch/fetch';
5
- import { o as organization, q as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, f as anonymous, i as admin, j as genericOAuth, k as jwt, l as multiSession, n as emailOTP } from '../index-uj60xRYw.js';
6
- export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-uj60xRYw.js';
5
+ import { o as organization, q as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, f as anonymous, i as admin, j as genericOAuth, k as jwt, l as multiSession, n as emailOTP } from '../index-DZWZjuQQ.js';
6
+ export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-DZWZjuQQ.js';
7
7
  import { P as Prettify } from '../helper-DxMBi7M2.js';
8
- import { F as FieldAttribute, B as BetterAuthOptions, j as BetterAuthPlugin } from '../auth-Cr3tLhNt.js';
8
+ import { F as FieldAttribute, B as BetterAuthOptions, j as BetterAuthPlugin } from '../auth-pJaOH2YO.js';
9
9
  import { Store } from '../types.js';
10
10
  import 'zod';
11
11
  import 'better-call';
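--- a/package/dist/client.d.cts
+++ b/package/dist/client.d.cts
@@ -1,4 +1,4 @@
-import { j as BetterAuthPlugin } from './auth-ClDmT5ez.cjs';
+import { j as BetterAuthPlugin } from './auth-DuzXr0Ie.cjs';
 import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, IsSignal } from './types.cjs';
 export { AtomListener, InferAdditionalFromClient, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, Store } from './types.cjs';
 import * as nanostores from 'nanostores';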
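--- a/package/dist/client.d.ts
+++ b/package/dist/client.d.ts
@@ -1,4 +1,4 @@
-import { j as BetterAuthPlugin } from './auth-Cr3tLhNt.js';
+import { j as BetterAuthPlugin } from './auth-pJaOH2YO.js';
 import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, IsSignal } from './types.js';
 export { AtomListener, InferAdditionalFromClient, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, Store } from './types.js';
 import * as nanostores from 'nanostores';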
package/dist/cookies.cjs CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";var se=Object.defineProperty;var dt=Object.getOwnPropertyDescriptor;var pt=Object.getOwnPropertyNames;var lt=Object.prototype.hasOwnProperty;var ut=(e,t)=>{for(var r in t)se(e,r,{get:t[r],enumerable:!0})},mt=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of pt(t))!lt.call(e,i)&&i!==r&&se(e,i,{get:()=>t[i],enumerable:!(o=dt(t,i))||o.enumerable});return e};var ft=e=>mt(se({},"__esModule",{value:!0}),e);var or={};ut(or,{createCookieGetter:()=>ct,deleteSessionCookie:()=>P,getCookies:()=>tr,parseCookies:()=>rr,parseSetCookieHeader:()=>er,setSessionCookie:()=>U});module.exports=ft(or);var st=require("oslo"),at=require("oslo/encoding");var Z=require("oslo/crypto");async function gt({value:e,secret:t}){return new Z.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(o=>Buffer.from(o).toString("base64"))}function ht({value:e,signature:t,secret:r}){return new Z.HMAC("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var J={sign:gt,verify:ht};var O=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};var C=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var W=Object.create(null),G=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?W:globalThis),ue=new Proxy(W,{get(e,t){return G()[t]??W[t]},has(e,t){let r=G();return t in r||t in W},set(e,t,r){let o=G(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=G(!0);return delete r[t],!0},ownKeys(){let e=G(!0);return Object.keys(e)}});function wt(e){return e?e!=="false":!1}var K=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",me=K==="production",fe=K==="dev"||K==="development",yt=K==="test"||wt(ue.TEST);var M=require("better-call");var he=require("better-call");var 
D=require("better-call"),ge=(0,D.createMiddleware)(async()=>({})),Q=(0,D.createMiddlewareCreator)({use:[ge,(0,D.createMiddleware)(async()=>({}))]}),m=(0,D.createEndpointCreator)({use:[ge]});var bt=Q(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,c=r?.currentURL,a=o.trustedOrigins,d=e.headers?.has("cookie"),p=(w,k)=>k.includes("*")?new RegExp("^"+k.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(w):w.startsWith(k),u=(w,k)=>{if(!w)return;if(!a.some(V=>p(w,V)||w?.startsWith("/")&&k!=="origin"&&!w.includes(":")))throw e.context.logger.error(`Invalid ${k}: ${w}`),e.context.logger.info(`If it's a valid URL, please add ${w} to trustedOrigins in your auth config
2
2
  `,`Current list of trustedOrigins: ${a}`),new he.APIError("FORBIDDEN",{message:`Invalid ${k}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&u(i,"origin"),n&&u(n,"callbackURL"),s&&u(s,"redirectURL"),c&&u(c,"currentURL")});var b=require("better-call"),g=require("zod");var ve=require("@better-fetch/fetch"),Ee=require("better-call"),z=require("jose"),Te=require("oslo/jwt");var we=require("oslo/crypto"),ye=require("oslo/encoding");async function be(e){let t=await(0,we.sha256)(new TextEncoder().encode(e));return ye.base64url.encode(new Uint8Array(t),{includePadding:!1})}function ke(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?C(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function h({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:s,redirectURI:c}){let a=new URL(r);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",t.clientId),a.searchParams.set("state",o),a.searchParams.set("scope",n.join(" ")),a.searchParams.set("redirect_uri",t.redirectURI||c),i){let d=await be(i);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",d)}if(s){let d=s.reduce((p,u)=>(p[u]=null,p),{});a.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...d}}))}return a}var Ae=require("@better-fetch/fetch");async function f({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i,authentication:n}){let s=new URLSearchParams,c={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",r),n==="basic"){let u=btoa(`${o.clientId}:${o.clientSecret}`);c.authorization=`Basic ${u}`}else 
s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:a,error:d}=await(0,Ae.betterFetch)(i,{method:"POST",body:s,headers:c});if(d)throw d;return ke(a)}var Y=require("oslo/oauth2"),L=require("zod"),ae=require("better-call");function Ue(e){try{return new URL(e).origin}catch{return null}}async function X(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?Ue(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new ae.APIError("BAD_REQUEST",{message:"callbackURL is required"});let o=(0,Y.generateCodeVerifier)(),i=(0,Y.generateState)(),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),s=new Date;s.setMinutes(s.getMinutes()+10);let c=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:s});if(!c)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new ae.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:c.identifier,codeVerifier:o}}async function Re(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. 
Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=L.z.object({callbackURL:L.z.string(),codeVerifier:L.z.string(),errorURL:L.z.string().optional(),expiresAt:L.z.number(),link:L.z.object({email:L.z.string(),userId:L.z.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var xe=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>f({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let i=(0,z.decodeProtectedHeader)(r),{kid:n,alg:s}=i;if(!n||!s)return!1;let c=await kt(n),{payload:a}=await(0,z.jwtVerify)(r,c,{algorithms:[s],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(d=>{a[d]!==void 0&&(a[d]=!!a[d])}),o&&a.nonce!==o?!1:!!a},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let o=(0,Te.parseJWT)(r.idToken)?.payload;if(!o)return null;let i=o.user?`${o.user.name.firstName} ${o.user.name.lastName}`:o.email;return{user:{id:o.sub,name:i,emailVerified:!1,email:o.email},data:o}}}},kt=async e=>{let 
t="https://appleid.apple.com",r="/auth/keys",{data:o}=await(0,ve.betterFetch)(`${t}${r}`);if(!o?.keys)throw new Ee.APIError("BAD_REQUEST",{message:"Keys not found"});let i=o.keys.find(n=>n.kid===e);if(!i)throw new Error(`JWK with kid ${e} not found`);return await(0,z.importJWK)(i,i.alg)};var _e=require("@better-fetch/fetch");var Se=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>f({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await(0,_e.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var Pe=require("@better-fetch/fetch");var Ie=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await h({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>f({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async 
getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await(0,Pe.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var ce=require("@better-fetch/fetch");var Le=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),h({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>f({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:o,error:i}=await(0,ce.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:s,error:c}=await(0,ce.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(o.email=(s.find(a=>a.primary)??s[0])?.email,n=s.find(a=>a.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};var Ce=require("oslo/jwt");var Oe=require("consola"),de=["info","success","warn","error","debug"];function At(e,t){return de.indexOf(t)<=de.indexOf(e)}var Ut=(0,Oe.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),Rt=e=>{let t=e?.disabled!==!0,r=e?.level??"error",o=(i,n,s=[])=>{if(!(!t||!At(r,i))){if(!e||typeof e.log!="function"){Ut[i]("",n,...s);return}e.log(i==="success"?"info":i,n,s)}};return Object.fromEntries(de.map(i=>[i,(...[n,...s])=>o(i,n,s)]))},T=Rt();var 
je=require("@better-fetch/fetch"),De=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw T.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new O("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new O("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let s=await h({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&s.searchParams.set("access_type",e.accessType),e.prompt&&s.searchParams.set("prompt",e.prompt),s},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>f({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:i}=await(0,je.betterFetch)(o);return i?i.aud===e.clientId&&i.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=(0,Ce.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var Be=require("@better-fetch/fetch"),Ve=require("oslo/jwt");var ze=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return 
e.scope&&n.push(...e.scope),h({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:s}){return f({code:i,codeVerifier:n,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(i){if(e.getUserInfo)return e.getUserInfo(i);if(!i.idToken)return null;let n=(0,Ve.parseJWT)(i.idToken)?.payload,s=e.profilePhotoSize||48;return await(0,Be.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),p=Buffer.from(d).toString("base64");n.picture=`data:image/jpeg;base64, ${p}`}catch(a){T.error(a&&typeof a=="object"&&"name"in a?a.name:"",a)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};var $e=require("@better-fetch/fetch");var qe=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),h({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>f({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await(0,$e.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});var $={isAction:!1};var Ne=require("nanoid"),Fe=e=>(0,Ne.nanoid)(e);var He=require("oslo/jwt");var 
Me=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),h({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>f({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return T.error("No idToken found in token"),null;let o=(0,He.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var Ge=require("@better-fetch/fetch");var Qe=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),h({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>f({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await(0,Ge.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var Ze=require("@better-fetch/fetch");var Je=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let 
s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await h({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await f({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:o,error:i}=await(0,Ze.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};var We=require("@better-fetch/fetch");var Ke=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let s=i||["profile","email","openid"];return e.scope&&s.push(...e.scope),await h({id:"linkedin",options:e,authorizationEndpoint:t,scopes:s,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await f({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await(0,We.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return n?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};var Ye=require("@better-fetch/fetch");var pe=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),vt=e=>{let 
t=e||"https://gitlab.com";return{authorizationEndpoint:pe(`${t}/oauth/authorize`),tokenEndpoint:pe(`${t}/oauth/token`),userinfoEndpoint:pe(`${t}/api/v4/user`)}},Xe=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=vt(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:s,scopes:c,codeVerifier:a,redirectURI:d})=>{let p=c||["read_user"];return e.scope&&p.push(...e.scope),await h({id:i,options:e,authorizationEndpoint:t,scopes:p,state:s,redirectURI:d,codeVerifier:a})},validateAuthorizationCode:async({code:s,redirectURI:c,codeVerifier:a})=>f({code:s,redirectURI:e.redirectURI||c,options:e,codeVerifier:a,tokenEndpoint:r}),async getUserInfo(s){if(e.getUserInfo)return e.getUserInfo(s);let{data:c,error:a}=await(0,Ye.betterFetch)(o,{headers:{authorization:`Bearer ${s.accessToken}`}});return a||c.state!=="active"||c.locked?null:{user:{id:c.id.toString(),name:c.name??c.username,email:c.email,image:c.avatar_url,emailVerified:!0},data:c}}}};var Et={apple:xe,discord:Se,facebook:Ie,github:Le,microsoft:ze,google:De,spotify:qe,twitch:Me,twitter:Qe,dropbox:Je,linkedin:Ke,gitlab:Xe},ee=Object.keys(Et);var ot=require("oslo"),te=require("oslo/jwt"),x=require("zod");var N=require("better-call");var S=require("better-call");var q=require("zod");function et(e){try{return JSON.parse(e)}catch{return null}}var tt=()=>m("/get-session",{method:"GET",query:q.z.optional(q.z.object({disableCookieCache:q.z.boolean({description:"Disable cookie cache and fetch session from database"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return 
e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?et(Buffer.from(r,"base64").toString()):null;if(o&&!await J.verify({value:JSON.stringify(o.session),signature:o?.signature,secret:e.context.secret}))return P(e),e.json(null);let i=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let p=o.session;if(o.expiresAt<Date.now()||p.session.expiresAt<new Date){let w=e.context.authCookies.sessionData.name;e.setCookie(w,"",{maxAge:0})}else return e.json(p)}let n=await e.context.internalAdapter.findSession(t);if(e.context.session=n,!n||n.session.expiresAt<new Date)return P(e),n&&await e.context.internalAdapter.deleteSession(n.session.token),e.json(null);if(i)return e.json(n);let s=e.context.sessionConfig.expiresIn,c=e.context.sessionConfig.updateAge;if(n.session.expiresAt.valueOf()-s*1e3+c*1e3<=Date.now()){let p=await e.context.internalAdapter.updateSession(n.session.token,{expiresAt:C(e.context.sessionConfig.expiresIn,"sec")});if(!p)return P(e),e.json(null,{status:401});let u=(p.expiresAt.valueOf()-Date.now())/1e3;return await U(e,{session:p,user:n.user},!1,{maxAge:u}),e.json({session:p,user:n.user})}return e.json(n)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new S.APIError("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),B=async e=>{if(e.context.session)return e.context.session;let t=await tt()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},I=Q(async e=>{let t=await B(e);if(!t?.session)throw new S.APIError("UNAUTHORIZED");return{session:t}}),rt=Q(async e=>{let t=await B(e);if(!t?.session)throw new S.APIError("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,o=t.session.createdAt.valueOf(),i=Date.now();if(!(o+r*1e3>i))throw new S.APIError("FORBIDDEN",{message:"Session is not fresh"});return{session:t}});var 
Tt=m("/revoke-session",{method:"POST",body:q.z.object({token:q.z.string({description:"The token to revoke"})}),use:[I],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new S.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new S.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o&&typeof o=="object"&&"name"in o?o.name:"",o),new S.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),xt=m("/revoke-sessions",{method:"POST",use:[I],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new S.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),_t=m("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[I],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new S.APIError("UNAUTHORIZED");let i=(await e.context.internalAdapter.listSessions(t.user.id)).filter(n=>n.expiresAt>new Date).filter(n=>n.token!==e.context.session.session.token);return await Promise.all(i.map(n=>e.context.internalAdapter.deleteSession(n.token))),e.json({status:!0})});async function j(e,t,r){return 
await(0,te.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new ot.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}async function St(e,t){if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new N.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await j(e.context.secret,t.email),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification.sendVerificationEmail({user:t,url:o,token:r},e.request)}var Pt=m("/send-verification-email",{method:"POST",query:x.z.object({currentURL:x.z.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:x.z.object({email:x.z.string({description:"The email to send the verification email to"}).email(),callbackURL:x.z.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new N.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new N.APIError("BAD_REQUEST",{message:"User not found"});return await 
St(e,r.user),e.json({status:!0})}),It=m("/verify-email",{method:"GET",query:x.z.object({token:x.z.string({description:"The token to verify the email"}),callbackURL:x.z.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(c){throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=${c}`):new N.APIError("UNAUTHORIZED",{message:c})}let{token:r}=e.query,o;try{o=await(0,te.validateJWT)("HS256",Buffer.from(e.context.secret),r)}catch(c){return e.context.logger.error("Failed to verify email",c),t("invalid_token")}let n=x.z.object({email:x.z.string().email(),updateTo:x.z.string().optional()}).parse(o.payload),s=await e.context.internalAdapter.findUserByEmail(n.email);if(!s)return t("user_not_found");if(n.updateTo){let c=await B(e);if(!c){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(c.user.email!==n.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let a=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:a,url:`${e.context.baseURL}/verify-email?token=${r}`,token:r},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:a,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await B(e)){let a=await e.context.internalAdapter.createSession(s.user.id,e.request);if(!a)throw new N.APIError("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await 
U(e,{session:a,user:s.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function re(e,{userInfo:t,account:r,callbackURL:o}){let i=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(c=>{throw T.error(`Better auth was unable to query your database.
3
- Error: `,c),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),n=i?.user;if(i){let c=i.accounts.find(a=>a.providerId===r.providerId);if(c){let a=Object.fromEntries(Object.entries({accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt}).filter(([d,p])=>p!==void 0));Object.keys(a).length>0&&await e.context.internalAdapter.updateAccount(c.id,a)}else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return fe&&T.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:i.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(p){return T.error("Unable to link account",p),{error:"unable to link account",data:null}}}}else try{let c=t.emailVerified||!1;if(n=await e.context.internalAdapter.createOAuthUser({...t,id:void 0,emailVerified:c,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(a=>a?.user),!c&&n&&e.context.options.emailVerification?.sendOnSignUp){let a=await j(e.context.secret,n.email),d=`${e.context.baseURL}/verify-email?token=${a}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:n,url:d,token:a},e.request)}}catch(c){return T.error("Unable to create 
user",c),{error:"unable to create user",data:null}}if(!n)return{error:"unable to create user",data:null};let s=await e.context.internalAdapter.createSession(n.id,e.request);return s?{data:{session:s,user:n},error:null}:{error:"unable to create session",data:null}}var Lt=m("/sign-in/social",{method:"POST",query:g.z.object({currentURL:g.z.string().optional()}).optional(),body:g.z.object({callbackURL:g.z.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),errorCallbackURL:g.z.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:g.z.enum(ee,{description:"OAuth2 provider to use"}),disableRedirect:g.z.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:g.z.optional(g.z.object({token:g.z.string({description:"ID token from the provider"}),nonce:g.z.string({description:"Nonce used to generate the token"}).optional(),accessToken:g.z.string({description:"Access token from the provider"}).optional(),refreshToken:g.z.string({description:"Refresh token from the provider"}).optional(),expiresAt:g.z.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. 
Make sure to add the provider in your auth config",{provider:e.body.provider}),new b.APIError("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new b.APIError("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:n,nonce:s}=e.body.idToken;if(!await t.verifyIdToken(n,s))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new b.APIError("UNAUTHORIZED",{message:"Invalid id token"});let a=await t.getUserInfo({idToken:n,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!a||!a?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new b.APIError("UNAUTHORIZED",{message:"Failed to get user info"});if(!a.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new b.APIError("UNAUTHORIZED",{message:"User email not found"});let d=await re(e,{userInfo:{email:a.user.email,id:a.user.id,name:a.user.name||"",image:a.user.image,emailVerified:a.user.emailVerified||!1},account:{providerId:t.id,accountId:a.user.id,accessToken:e.body.idToken.accessToken}});if(d.error)throw new b.APIError("UNAUTHORIZED",{message:d.error});return await U(e,d.data),e.json({session:d.data.session,user:d.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:o}=await X(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!e.body.disableRedirect})}),Ot=m("/sign-in/email",{method:"POST",body:g.z.object({email:g.z.string({description:"Email of the user"}),password:g.z.string({description:"Password of the user"}),callbackURL:g.z.string({description:"Callback URL to use as a redirect for email 
verification"}).optional(),rememberMe:g.z.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new b.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!g.z.string().email().safeParse(t).success)throw new b.APIError("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new b.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let n=i.accounts.find(d=>d.providerId==="credential");if(!n)throw e.context.logger.error("Credential account not found",{email:t}),new b.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let s=n?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new b.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(s,r))throw e.context.logger.error("Invalid password"),new b.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new b.APIError("UNAUTHORIZED",{message:"Email is not verified."});let d=await 
j(e.context.secret,i.user.email),p=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:i.user,url:p,token:d},e.request),e.context.logger.error("Email not verified",{email:t}),new b.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let a=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.rememberMe===!1);if(!a)throw e.context.logger.error("Failed to create session"),new b.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await U(e,{session:a,user:i.user},e.body.rememberMe===!1),e.json({user:i.user,session:a,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var F=require("zod");var oe=F.z.object({code:F.z.string().optional(),error:F.z.string().optional(),errorMessage:F.z.string().optional(),state:F.z.string().optional()}),Ct=m("/callback/:id",{method:["GET","POST"],body:oe.optional(),query:oe.optional(),metadata:$},async e=>{let t;try{if(e.method==="GET")t=oe.parse(e.query);else if(e.method==="POST")t=oe.parse(e.body);else throw new Error("Unsupported method")}catch(E){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",E),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:o,state:i}=t;if(!i)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${o||"no_code"}`);let n=e.context.socialProviders.find(E=>E.id===e.params.id);if(!n)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:s,callbackURL:c,link:a,errorURL:d}=await Re(e),p;try{p=await n.validateAuthorizationCode({code:r,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${n.id}`})}catch(E){throw 
e.context.logger.error("",E),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let u=await n.getUserInfo(p).then(E=>E?.user);function w(E){let _=d||c||`${e.context.baseURL}/error`;throw _.includes("?")?_=`${_}&error=${E}`:_=`${_}?error=${E}`,e.redirect(_)}if(!u)return e.context.logger.error("Unable to get user info"),w("unable_to_get_user_info");if(!u.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),w("email_not_found");if(!c)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(a){if(a.email!==u.email.toLowerCase())return w("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:a.userId,providerId:n.id,accountId:u.id}))return w("unable_to_link_account");let _;try{_=new URL(c).toString()}catch{_=c}throw e.redirect(_)}let k=await re(e,{userInfo:{id:u.id,email:u.email,name:u.name||"",image:u.image,emailVerified:u.emailVerified||!1},account:{providerId:n.id,accountId:u.id,...p,scope:p.scopes?.join(",")},callbackURL:c});if(k.error)return e.context.logger.error(k.error.split(" ").join("_")),w(k.error.split(" ").join("_"));let{session:y,user:V}=k.data;await U(e,{session:y,user:V});let ne;try{ne=new URL(c).toString()}catch{ne=c}throw e.redirect(ne)});var yi=require("zod");var it=require("better-call"),jt=m("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw P(e),new it.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),P(e),e.json({success:!0})});var R=require("zod");var ie=require("better-call");function 
nt(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function Dt(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var Bt=m("/forget-password",{method:"POST",body:R.z.object({email:R.z.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:R.z.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ie.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=C(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i,"sec"),s=Fe(24);await e.context.internalAdapter.createVerificationValue({value:o.user.id.toString(),identifier:`reset-password:${s}`,expiresAt:n});let c=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:c,token:s},e.request),e.json({status:!0})}),Vt=m("/reset-password/:token",{method:"GET",query:R.z.object({callbackURL:R.z.string({description:"The URL to redirect the 
user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(nt(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(nt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Dt(e.context,r,{token:t}))}),zt=m("/reset-password",{query:R.z.optional(R.z.object({token:R.z.string().optional(),currentURL:R.z.string().optional()})),method:"POST",body:R.z.object({newPassword:R.z.string({description:"The new password to set"}),token:R.z.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ie.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new ie.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,s=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(n)).find(d=>d.providerId==="credential")?(await e.context.internalAdapter.updatePassword(n,s),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:s,accountId:n}),e.json({status:!0}))});var A=require("zod");var v=require("better-call");var 
l=require("zod"),$t=require("better-call"),xi=l.z.object({id:l.z.string(),providerId:l.z.string(),accountId:l.z.string(),userId:l.z.string(),accessToken:l.z.string().nullish(),refreshToken:l.z.string().nullish(),idToken:l.z.string().nullish(),accessTokenExpiresAt:l.z.date().nullish(),refreshTokenExpiresAt:l.z.date().nullish(),scope:l.z.string().nullish(),password:l.z.string().nullish(),createdAt:l.z.date().default(()=>new Date),updatedAt:l.z.date().default(()=>new Date)}),_i=l.z.object({id:l.z.string(),email:l.z.string().transform(e=>e.toLowerCase()),emailVerified:l.z.boolean().default(!1),name:l.z.string(),image:l.z.string().nullish(),createdAt:l.z.date().default(()=>new Date),updatedAt:l.z.date().default(()=>new Date)}),Si=l.z.object({id:l.z.string(),userId:l.z.string(),expiresAt:l.z.date(),createdAt:l.z.date().default(()=>new Date),updatedAt:l.z.date().default(()=>new Date),token:l.z.string(),ipAddress:l.z.string().nullish(),userAgent:l.z.string().nullish()}),Pi=l.z.object({id:l.z.string(),value:l.z.string(),createdAt:l.z.date().default(()=>new Date),updatedAt:l.z.date().default(()=>new Date),expiresAt:l.z.date(),identifier:l.z.string()});var Nt=m("/change-password",{method:"POST",body:A.z.object({newPassword:A.z.string({description:"The new password to set"}),currentPassword:A.z.string({description:"The current password"}),revokeOtherSessions:A.z.boolean({description:"Revoke all other sessions"}).optional()}),use:[I],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new v.APIError("BAD_REQUEST",{message:"Password is too short"});let 
s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new v.APIError("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(i.user.id)).find(u=>u.providerId==="credential"&&u.password);if(!a||!a.password)throw new v.APIError("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(a.password,r))throw new v.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(a.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let u=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!u)throw new v.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await U(e,{session:u,user:i.user})}return e.json(i.user)}),Ft=m("/set-password",{method:"POST",body:A.z.object({newPassword:A.z.string()}),metadata:{SERVER_ONLY:!0},use:[I]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new v.APIError("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new v.APIError("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),c=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json(r.user);throw new v.APIError("BAD_REQUEST",{message:"user already has a password"})}),Ht=m("/delete-user",{method:"POST",body:A.z.object({password:A.z.string({description:"The password of the user"})}),use:[rt],metadata:{openapi:{description:"Delete the 
user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{let t=e.context.session;return await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),P(e),e.json(null)}),Mt=m("/change-email",{method:"POST",query:A.z.object({currentURL:A.z.string().optional()}).optional(),body:A.z.object({newEmail:A.z.string({description:"The new email to set"}).email(),callbackURL:A.z.string({description:"The URL to redirect to after email verification"}).optional()}),use:[I],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new v.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new v.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new v.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new v.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await j(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await 
e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({user:null,status:!0})});var Gt=(e="Unknown")=>`<!DOCTYPE html>
3
+ Error: `,c),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),n=i?.user;if(i){let c=i.accounts.find(a=>a.providerId===r.providerId);if(c){let a=Object.fromEntries(Object.entries({accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt}).filter(([d,p])=>p!==void 0));Object.keys(a).length>0&&await e.context.internalAdapter.updateAccount(c.id,a)}else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return fe&&T.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:i.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(p){return T.error("Unable to link account",p),{error:"unable to link account",data:null}}}}else try{let c=t.emailVerified||!1;if(n=await e.context.internalAdapter.createOAuthUser({...t,id:void 0,emailVerified:c,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(a=>a?.user),!c&&n&&e.context.options.emailVerification?.sendOnSignUp){let a=await j(e.context.secret,n.email),d=`${e.context.baseURL}/verify-email?token=${a}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:n,url:d,token:a},e.request)}}catch(c){return T.error("Unable to create 
user",c),{error:"unable to create user",data:null}}if(!n)return{error:"unable to create user",data:null};let s=await e.context.internalAdapter.createSession(n.id,e.request);return s?{data:{session:s,user:n},error:null}:{error:"unable to create session",data:null}}var Lt=m("/sign-in/social",{method:"POST",query:g.z.object({currentURL:g.z.string().optional()}).optional(),body:g.z.object({callbackURL:g.z.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),errorCallbackURL:g.z.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:g.z.enum(ee,{description:"OAuth2 provider to use"}),disableRedirect:g.z.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:g.z.optional(g.z.object({token:g.z.string({description:"ID token from the provider"}),nonce:g.z.string({description:"Nonce used to generate the token"}).optional(),accessToken:g.z.string({description:"Access token from the provider"}).optional(),refreshToken:g.z.string({description:"Refresh token from the provider"}).optional(),expiresAt:g.z.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. 
Make sure to add the provider in your auth config",{provider:e.body.provider}),new b.APIError("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new b.APIError("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:n,nonce:s}=e.body.idToken;if(!await t.verifyIdToken(n,s))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new b.APIError("UNAUTHORIZED",{message:"Invalid id token"});let a=await t.getUserInfo({idToken:n,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!a||!a?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new b.APIError("UNAUTHORIZED",{message:"Failed to get user info"});if(!a.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new b.APIError("UNAUTHORIZED",{message:"User email not found"});let d=await re(e,{userInfo:{email:a.user.email,id:a.user.id,name:a.user.name||"",image:a.user.image,emailVerified:a.user.emailVerified||!1},account:{providerId:t.id,accountId:a.user.id,accessToken:e.body.idToken.accessToken}});if(d.error)throw new b.APIError("UNAUTHORIZED",{message:d.error});return await U(e,d.data),e.json({session:d.data.session,user:d.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:o}=await X(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!e.body.disableRedirect})}),Ot=m("/sign-in/email",{method:"POST",body:g.z.object({email:g.z.string({description:"Email of the user"}),password:g.z.string({description:"Password of the user"}),callbackURL:g.z.string({description:"Callback URL to use as a redirect for email 
verification"}).optional(),rememberMe:g.z.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new b.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!g.z.string().email().safeParse(t).success)throw new b.APIError("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new b.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let n=i.accounts.find(d=>d.providerId==="credential");if(!n)throw e.context.logger.error("Credential account not found",{email:t}),new b.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let s=n?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new b.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify({hash:s,password:r}))throw e.context.logger.error("Invalid password"),new b.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new b.APIError("UNAUTHORIZED",{message:"Email is not verified."});let d=await 
j(e.context.secret,i.user.email),p=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:i.user,url:p,token:d},e.request),e.context.logger.error("Email not verified",{email:t}),new b.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let a=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.rememberMe===!1);if(!a)throw e.context.logger.error("Failed to create session"),new b.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await U(e,{session:a,user:i.user},e.body.rememberMe===!1),e.json({user:i.user,session:a,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var F=require("zod");var oe=F.z.object({code:F.z.string().optional(),error:F.z.string().optional(),errorMessage:F.z.string().optional(),state:F.z.string().optional()}),Ct=m("/callback/:id",{method:["GET","POST"],body:oe.optional(),query:oe.optional(),metadata:$},async e=>{let t;try{if(e.method==="GET")t=oe.parse(e.query);else if(e.method==="POST")t=oe.parse(e.body);else throw new Error("Unsupported method")}catch(E){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",E),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:o,state:i}=t;if(!i)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${o||"no_code"}`);let n=e.context.socialProviders.find(E=>E.id===e.params.id);if(!n)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:s,callbackURL:c,link:a,errorURL:d}=await Re(e),p;try{p=await n.validateAuthorizationCode({code:r,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${n.id}`})}catch(E){throw 
e.context.logger.error("",E),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let u=await n.getUserInfo(p).then(E=>E?.user);function w(E){let _=d||c||`${e.context.baseURL}/error`;throw _.includes("?")?_=`${_}&error=${E}`:_=`${_}?error=${E}`,e.redirect(_)}if(!u)return e.context.logger.error("Unable to get user info"),w("unable_to_get_user_info");if(!u.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),w("email_not_found");if(!c)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(a){if(a.email!==u.email.toLowerCase())return w("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:a.userId,providerId:n.id,accountId:u.id}))return w("unable_to_link_account");let _;try{_=new URL(c).toString()}catch{_=c}throw e.redirect(_)}let k=await re(e,{userInfo:{id:u.id,email:u.email,name:u.name||"",image:u.image,emailVerified:u.emailVerified||!1},account:{providerId:n.id,accountId:u.id,...p,scope:p.scopes?.join(",")},callbackURL:c});if(k.error)return e.context.logger.error(k.error.split(" ").join("_")),w(k.error.split(" ").join("_"));let{session:y,user:V}=k.data;await U(e,{session:y,user:V});let ne;try{ne=new URL(c).toString()}catch{ne=c}throw e.redirect(ne)});var yi=require("zod");var it=require("better-call"),jt=m("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw P(e),new it.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),P(e),e.json({success:!0})});var R=require("zod");var ie=require("better-call");function 
nt(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function Dt(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var Bt=m("/forget-password",{method:"POST",body:R.z.object({email:R.z.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:R.z.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ie.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=C(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i,"sec"),s=Fe(24);await e.context.internalAdapter.createVerificationValue({value:o.user.id.toString(),identifier:`reset-password:${s}`,expiresAt:n});let c=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:c,token:s},e.request),e.json({status:!0})}),Vt=m("/reset-password/:token",{method:"GET",query:R.z.object({callbackURL:R.z.string({description:"The URL to redirect the 
user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(nt(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(nt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Dt(e.context,r,{token:t}))}),zt=m("/reset-password",{query:R.z.optional(R.z.object({token:R.z.string().optional(),currentURL:R.z.string().optional()})),method:"POST",body:R.z.object({newPassword:R.z.string({description:"The new password to set"}),token:R.z.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ie.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new ie.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,s=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(n)).find(d=>d.providerId==="credential")?(await e.context.internalAdapter.updatePassword(n,s),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:s,accountId:n}),e.json({status:!0}))});var A=require("zod");var v=require("better-call");var 
l=require("zod"),$t=require("better-call"),xi=l.z.object({id:l.z.string(),providerId:l.z.string(),accountId:l.z.string(),userId:l.z.string(),accessToken:l.z.string().nullish(),refreshToken:l.z.string().nullish(),idToken:l.z.string().nullish(),accessTokenExpiresAt:l.z.date().nullish(),refreshTokenExpiresAt:l.z.date().nullish(),scope:l.z.string().nullish(),password:l.z.string().nullish(),createdAt:l.z.date().default(()=>new Date),updatedAt:l.z.date().default(()=>new Date)}),_i=l.z.object({id:l.z.string(),email:l.z.string().transform(e=>e.toLowerCase()),emailVerified:l.z.boolean().default(!1),name:l.z.string(),image:l.z.string().nullish(),createdAt:l.z.date().default(()=>new Date),updatedAt:l.z.date().default(()=>new Date)}),Si=l.z.object({id:l.z.string(),userId:l.z.string(),expiresAt:l.z.date(),createdAt:l.z.date().default(()=>new Date),updatedAt:l.z.date().default(()=>new Date),token:l.z.string(),ipAddress:l.z.string().nullish(),userAgent:l.z.string().nullish()}),Pi=l.z.object({id:l.z.string(),value:l.z.string(),createdAt:l.z.date().default(()=>new Date),updatedAt:l.z.date().default(()=>new Date),expiresAt:l.z.date(),identifier:l.z.string()});var Nt=m("/change-password",{method:"POST",body:A.z.object({newPassword:A.z.string({description:"The new password to set"}),currentPassword:A.z.string({description:"The current password"}),revokeOtherSessions:A.z.boolean({description:"Revoke all other sessions"}).optional()}),use:[I],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new v.APIError("BAD_REQUEST",{message:"Password is too short"});let 
s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new v.APIError("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(i.user.id)).find(u=>u.providerId==="credential"&&u.password);if(!a||!a.password)throw new v.APIError("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify({hash:a.password,password:r}))throw new v.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(a.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let u=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!u)throw new v.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await U(e,{session:u,user:i.user})}return e.json(i.user)}),Ft=m("/set-password",{method:"POST",body:A.z.object({newPassword:A.z.string()}),metadata:{SERVER_ONLY:!0},use:[I]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new v.APIError("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new v.APIError("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),c=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json(r.user);throw new v.APIError("BAD_REQUEST",{message:"user already has a password"})}),Ht=m("/delete-user",{method:"POST",body:A.z.object({password:A.z.string({description:"The password of the user"})}),use:[rt],metadata:{openapi:{description:"Delete the 
user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{let t=e.context.session;return await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),P(e),e.json(null)}),Mt=m("/change-email",{method:"POST",query:A.z.object({currentURL:A.z.string().optional()}).optional(),body:A.z.object({newEmail:A.z.string({description:"The new email to set"}).email(),callbackURL:A.z.string({description:"The URL to redirect to after email verification"}).optional()}),use:[I],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new v.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new v.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new v.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new v.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await j(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await 
e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({user:null,status:!0})});var Gt=(e="Unknown")=>`<!DOCTYPE html>
4
4
  <html lang="en">
5
5
  <head>
6
6
  <meta charset="UTF-8">
@@ -1,5 +1,5 @@
1
1
  import 'better-call';
2
- export { q as BetterAuthCookies, E as EligibleCookies, o as createCookieGetter, r as deleteSessionCookie, p as getCookies, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie } from './auth-ClDmT5ez.cjs';
2
+ export { q as BetterAuthCookies, E as EligibleCookies, o as createCookieGetter, r as deleteSessionCookie, p as getCookies, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie } from './auth-DuzXr0Ie.cjs';
3
3
  import 'kysely';
4
4
  import 'zod';
5
5
  import './helper-DxMBi7M2.cjs';
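--- a/package/dist/cookies.d.ts
+++ b/package/dist/cookies.d.ts
@@ -1,5 +1,5 @@
 import 'better-call';
-export { q as BetterAuthCookies, E as EligibleCookies, o as createCookieGetter, r as deleteSessionCookie, p as getCookies, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie } from './auth-Cr3tLhNt.js';
+export { q as BetterAuthCookies, E as EligibleCookies, o as createCookieGetter, r as deleteSessionCookie, p as getCookies, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie } from './auth-pJaOH2YO.js';
 import 'kysely';
 import 'zod';
 import './helper-DxMBi7M2.js';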