better-auth 1.1.4 → 1.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/dist/api.cjs +1 -1
  2. package/dist/api.js +1 -1
  3. package/dist/client/plugins.cjs +1 -1
  4. package/dist/client/plugins.d.cts +4 -4
  5. package/dist/client/plugins.d.ts +4 -4
  6. package/dist/client/plugins.js +1 -1
  7. package/dist/{index-BcgN_NSa.d.ts → index-C1MweRkC.d.ts} +16 -0
  8. package/dist/{index-BCJVACKS.d.cts → index-Dpgm40FH.d.cts} +16 -0
  9. package/dist/index.cjs +4 -4
  10. package/dist/index.js +4 -4
  11. package/dist/plugin/custom-session.cjs +1 -1
  12. package/dist/plugin/custom-session.js +1 -1
  13. package/dist/plugins/admin.cjs +4 -4
  14. package/dist/plugins/admin.js +3 -3
  15. package/dist/plugins/anonymous.cjs +3 -3
  16. package/dist/plugins/anonymous.js +3 -3
  17. package/dist/plugins/bearer.cjs +1 -1
  18. package/dist/plugins/bearer.js +1 -1
  19. package/dist/plugins/email-otp.cjs +2 -2
  20. package/dist/plugins/email-otp.d.cts +4 -0
  21. package/dist/plugins/email-otp.d.ts +4 -0
  22. package/dist/plugins/email-otp.js +2 -2
  23. package/dist/plugins/generic-oauth.cjs +4 -4
  24. package/dist/plugins/generic-oauth.js +2 -2
  25. package/dist/plugins/jwt.cjs +1 -1
  26. package/dist/plugins/jwt.js +1 -1
  27. package/dist/plugins/multi-session.cjs +1 -1
  28. package/dist/plugins/multi-session.js +1 -1
  29. package/dist/plugins/oidc-provider.cjs +4 -4
  30. package/dist/plugins/oidc-provider.js +4 -4
  31. package/dist/plugins/one-tap.cjs +1 -1
  32. package/dist/plugins/one-tap.js +1 -1
  33. package/dist/plugins/open-api.cjs +1 -1
  34. package/dist/plugins/open-api.js +1 -1
  35. package/dist/plugins/organization.cjs +4 -4
  36. package/dist/plugins/organization.d.cts +1 -1
  37. package/dist/plugins/organization.d.ts +1 -1
  38. package/dist/plugins/organization.js +3 -3
  39. package/dist/plugins/passkey.cjs +2 -2
  40. package/dist/plugins/passkey.js +2 -2
  41. package/dist/plugins/phone-number.cjs +1 -1
  42. package/dist/plugins/phone-number.js +1 -1
  43. package/dist/plugins/sso.cjs +1 -1
  44. package/dist/plugins/sso.js +1 -1
  45. package/dist/plugins/two-factor.cjs +1 -1
  46. package/dist/plugins/two-factor.js +1 -1
  47. package/dist/plugins/username.cjs +1 -1
  48. package/dist/plugins/username.js +1 -1
  49. package/dist/plugins.cjs +5 -5
  50. package/dist/plugins.d.cts +1 -1
  51. package/dist/plugins.d.ts +1 -1
  52. package/dist/plugins.js +6 -6
  53. package/package.json +3 -3
package/dist/api.cjs CHANGED
@@ -1,4 +1,4 @@
1
- "use strict";var _e=Object.defineProperty;var pr=Object.getOwnPropertyDescriptor;var mr=Object.getOwnPropertyNames;var fr=Object.prototype.hasOwnProperty;var gr=(e,t)=>{for(var r in t)_e(e,r,{get:t[r],enumerable:!0})},hr=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of mr(t))!fr.call(e,n)&&n!==r&&_e(e,n,{get:()=>t[n],enumerable:!(o=pr(t,n))||o.enumerable});return e};var wr=e=>hr(_e({},"__esModule",{value:!0}),e);var ho={};gr(ho,{APIError:()=>Ae.APIError,callbackOAuth:()=>Fe,changeEmail:()=>Xe,changePassword:()=>Je,createAuthEndpoint:()=>A,createAuthMiddleware:()=>ne,createEmailVerificationToken:()=>V,deleteUser:()=>Ye,deleteUserCallback:()=>Ee,error:()=>et,forgetPassword:()=>Ge,forgetPasswordCallback:()=>We,freshSessionMiddleware:()=>oo,getEndpoints:()=>cr,getSession:()=>ye,getSessionFromCtx:()=>X,linkSocialAccount:()=>it,listSessions:()=>je,listUserAccounts:()=>nt,ok:()=>tt,optionsMiddleware:()=>Te,originCheckMiddleware:()=>Oe,resetPassword:()=>Qe,revokeOtherSessions:()=>Be,revokeSession:()=>Ne,revokeSessions:()=>$e,router:()=>go,sendVerificationEmail:()=>Ve,sendVerificationEmailFn:()=>tr,sessionMiddleware:()=>D,setPassword:()=>Ke,signInEmail:()=>ze,signInSocial:()=>qe,signOut:()=>He,signUpEmail:()=>rt,updateUser:()=>Ze,verifyEmail:()=>Me});module.exports=wr(ho);var O=require("better-call");var pt=require("better-call");var ee=require("better-call"),Te=(0,ee.createMiddleware)(async()=>({})),ne=(0,ee.createMiddlewareCreator)({use:[Te,(0,ee.createMiddleware)(async()=>({}))]}),A=(0,ee.createEndpointCreator)({use:[Te]});function ve(e){return e==="-"||e==="^"||e==="$"||e==="+"||e==="."||e==="("||e===")"||e==="|"||e==="["||e==="]"||e==="{"||e==="}"||e==="*"||e==="?"||e==="\\"?`\\${e}`:e}function yr(e){let t="";for(let r=0;r<e.length;r++)t+=ve(e[r]);return t}function at(e,t=!0){if(Array.isArray(e))return`(?:${e.map(u=>`^${at(u,t)}$`).join("|")})`;let r="",o="",n=".";t===!0?(r="/",o="[/\\\\]",n="[^/\\\\]"):t&&(r=t,o=yr(r),o.length>1?(o=`(?:${o})`,n=`((?!${o}).)`):n=`[^${o}]`);let i=t?`${o}+?`:"",s=t?`${o}*?`:"",c=t?e.split(r):[e],a="";for(let d=0;d<c.length;d++){let u=c[d],h=c[d+1],p="";if(!(!u&&d>0)){if(t&&(d===c.length-1?p=s:h!=="**"?p=i:p=""),t&&u==="**"){p&&(a+=d===0?"":p,a+=`(?:${n}*?${p})*?`);continue}for(let l=0;l<u.length;l++){let b=u[l];b==="\\"?l<u.length-1&&(a+=ve(u[l+1]),l++):b==="?"?a+=n:b==="*"?a+=`${n}*?`:a+=ve(b)}a+=p}}return a}function br(e,t){if(typeof t!="string")throw new TypeError(`Sample must be a string, but ${typeof t} given`);return e.test(t)}function me(e,t){if(typeof e!="string"&&!Array.isArray(e))throw new TypeError(`The first argument must be a single pattern string or an array of patterns, but ${typeof e} given`);if((typeof t=="string"||typeof t=="boolean")&&(t={separator:t}),arguments.length===2&&!(typeof t>"u"||typeof t=="object"&&t!==null&&!Array.isArray(t)))throw new TypeError(`The second argument must be an options object or a string/boolean separator, but ${typeof t} given`);if(t=t||{},t.separator==="\\")throw new Error("\\ is not a valid separator because it is used for escaping. Try setting the separator to `true` instead");let r=at(e,t.separator),o=new RegExp(`^${r}$`,t.flags),n=br.bind(null,o);return n.options=t,n.pattern=e,n.regexp=o,n}var fe=Object.create(null),le=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?fe:globalThis),ct=new Proxy(fe,{get(e,t){return le()[t]??fe[t]},has(e,t){let r=le();return t in r||t in fe},set(e,t,r){let o=le(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=le(!0);return delete r[t],!0},ownKeys(){let e=le(!0);return Object.keys(e)}});function Ar(e){return e?e!=="false":!1}var Se=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var ge=Se==="dev"||Se==="development",dt=Se==="test"||Ar(ct.TEST);var Z=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};function lt(e){try{return new URL(e).origin}catch{return null}}function ut(e){return e.includes("://")?new URL(e).host:e}var Oe=ne(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,n=e.headers?.get("origin")||e.headers?.get("referer")||"",i=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,c=r?.currentURL,a=t?.errorCallbackURL,d=t?.newUserCallbackURL,u=o.trustedOrigins,h=e.headers?.has("cookie"),p=(b,E)=>b.startsWith("/")?!1:E.includes("*")?me(E)(ut(b)):b.startsWith(E),l=(b,E)=>{if(!b)return;if(!u.some(M=>p(b,M)||b?.startsWith("/")&&E!=="origin"&&!b.includes(":")))throw e.context.logger.error(`Invalid ${E}: ${b}`),e.context.logger.info(`If it's a valid URL, please add ${b} to trustedOrigins in your auth config
1
+ "use strict";var _e=Object.defineProperty;var pr=Object.getOwnPropertyDescriptor;var mr=Object.getOwnPropertyNames;var fr=Object.prototype.hasOwnProperty;var gr=(e,t)=>{for(var r in t)_e(e,r,{get:t[r],enumerable:!0})},hr=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of mr(t))!fr.call(e,n)&&n!==r&&_e(e,n,{get:()=>t[n],enumerable:!(o=pr(t,n))||o.enumerable});return e};var wr=e=>hr(_e({},"__esModule",{value:!0}),e);var ho={};gr(ho,{APIError:()=>Ae.APIError,callbackOAuth:()=>Fe,changeEmail:()=>Xe,changePassword:()=>Je,createAuthEndpoint:()=>A,createAuthMiddleware:()=>ne,createEmailVerificationToken:()=>V,deleteUser:()=>Ye,deleteUserCallback:()=>Ee,error:()=>et,forgetPassword:()=>Ge,forgetPasswordCallback:()=>We,freshSessionMiddleware:()=>oo,getEndpoints:()=>cr,getSession:()=>ye,getSessionFromCtx:()=>X,linkSocialAccount:()=>it,listSessions:()=>je,listUserAccounts:()=>nt,ok:()=>tt,optionsMiddleware:()=>Te,originCheckMiddleware:()=>Oe,resetPassword:()=>Qe,revokeOtherSessions:()=>Be,revokeSession:()=>Ne,revokeSessions:()=>$e,router:()=>go,sendVerificationEmail:()=>Ve,sendVerificationEmailFn:()=>tr,sessionMiddleware:()=>D,setPassword:()=>Ke,signInEmail:()=>ze,signInSocial:()=>qe,signOut:()=>He,signUpEmail:()=>rt,updateUser:()=>Ze,verifyEmail:()=>Me});module.exports=wr(ho);var O=require("better-call");var pt=require("better-call");var ee=require("better-call"),Te=(0,ee.createMiddleware)(async()=>({})),ne=(0,ee.createMiddlewareCreator)({use:[Te,(0,ee.createMiddleware)(async()=>({}))]}),A=(0,ee.createEndpointCreator)({use:[Te]});function ve(e){return e==="-"||e==="^"||e==="$"||e==="+"||e==="."||e==="("||e===")"||e==="|"||e==="["||e==="]"||e==="{"||e==="}"||e==="*"||e==="?"||e==="\\"?`\\${e}`:e}function yr(e){let t="";for(let r=0;r<e.length;r++)t+=ve(e[r]);return t}function at(e,t=!0){if(Array.isArray(e))return`(?:${e.map(u=>`^${at(u,t)}$`).join("|")})`;let r="",o="",n=".";t===!0?(r="/",o="[/\\\\]",n="[^/\\\\]"):t&&(r=t,o=yr(r),o.length>1?(o=`(?:${o})`,n=`((?!${o}).)`):n=`[^${o}]`);let i=t?`${o}+?`:"",s=t?`${o}*?`:"",c=t?e.split(r):[e],a="";for(let d=0;d<c.length;d++){let u=c[d],h=c[d+1],p="";if(!(!u&&d>0)){if(t&&(d===c.length-1?p=s:h!=="**"?p=i:p=""),t&&u==="**"){p&&(a+=d===0?"":p,a+=`(?:${n}*?${p})*?`);continue}for(let l=0;l<u.length;l++){let b=u[l];b==="\\"?l<u.length-1&&(a+=ve(u[l+1]),l++):b==="?"?a+=n:b==="*"?a+=`${n}*?`:a+=ve(b)}a+=p}}return a}function br(e,t){if(typeof t!="string")throw new TypeError(`Sample must be a string, but ${typeof t} given`);return e.test(t)}function me(e,t){if(typeof e!="string"&&!Array.isArray(e))throw new TypeError(`The first argument must be a single pattern string or an array of patterns, but ${typeof e} given`);if((typeof t=="string"||typeof t=="boolean")&&(t={separator:t}),arguments.length===2&&!(typeof t>"u"||typeof t=="object"&&t!==null&&!Array.isArray(t)))throw new TypeError(`The second argument must be an options object or a string/boolean separator, but ${typeof t} given`);if(t=t||{},t.separator==="\\")throw new Error("\\ is not a valid separator because it is used for escaping. Try setting the separator to `true` instead");let r=at(e,t.separator),o=new RegExp(`^${r}$`,t.flags),n=br.bind(null,o);return n.options=t,n.pattern=e,n.regexp=o,n}var fe=Object.create(null),le=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?fe:globalThis),ct=new Proxy(fe,{get(e,t){return le()[t]??fe[t]},has(e,t){let r=le();return t in r||t in fe},set(e,t,r){let o=le(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=le(!0);return delete r[t],!0},ownKeys(){let e=le(!0);return Object.keys(e)}});function Ar(e){return e?e!=="false":!1}var Se=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var ge=Se==="dev"||Se==="development",dt=Se==="test"||Ar(ct.TEST);var Z=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};function lt(e){try{return new URL(e).origin}catch{return null}}function ut(e){return e.includes("://")?new URL(e).host:e}var Oe=ne(async e=>{let{body:t,query:r,context:o}=e,n=e.headers?.get("origin")||e.headers?.get("referer")||"",i=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,c=r?.currentURL,a=t?.errorCallbackURL,d=t?.newUserCallbackURL,u=o.trustedOrigins,h=e.headers?.has("cookie"),p=(b,E)=>b.startsWith("/")?!1:E.includes("*")?me(E)(ut(b)):b.startsWith(E),l=(b,E)=>{if(!b)return;if(!u.some(M=>p(b,M)||b?.startsWith("/")&&E!=="origin"&&!b.includes(":")))throw e.context.logger.error(`Invalid ${E}: ${b}`),e.context.logger.info(`If it's a valid URL, please add ${b} to trustedOrigins in your auth config
2
2
  `,`Current list of trustedOrigins: ${u}`),new pt.APIError("FORBIDDEN",{message:`Invalid ${E}`})};h&&!e.context.options.advanced?.disableCSRFCheck&&l(n,"origin"),i&&l(i,"callbackURL"),s&&l(s,"redirectURL"),c&&l(c,"currentURL"),a&&l(a,"errorCallbackURL"),d&&l(s,"newUserCallbackURL")});var x=require("better-call"),v=require("zod");var J=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var mt=require("@better-auth/utils/base64");var ft=require("@better-auth/utils/hmac");async function xe(e,t){if(e.context.options.session?.cookieCache?.enabled){let o=mt.base64Url.encode(JSON.stringify({session:t,expiresAt:J(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await(0,ft.createHMAC)("SHA-256","base64urlnopad").sign(e.context.secret,JSON.stringify(t))}),{padding:!1});if(o.length>4093)throw new Z("Session data is too large to store in the cookie. Please disable session cookie caching or reduce the size of the session data");e.setCookie(e.context.authCookies.sessionData.name,o,e.context.authCookies.sessionData.options)}}async function I(e,t,r,o){let n=e.context.authCookies.sessionToken.options,i=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.token,e.context.secret,{...n,maxAge:i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),await xe(e,t),e.context.setNewSession(t),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.token,JSON.stringify({user:t.user,session:t.session}),Math.floor((new Date(t.session.expiresAt).getTime()-Date.now())/1e3))}function q(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}var Rr=Object.defineProperty,kr=Object.defineProperties,Er=Object.getOwnPropertyDescriptors,gt=Object.getOwnPropertySymbols,Ur=Object.prototype.hasOwnProperty,_r=Object.prototype.propertyIsEnumerable,ht=(e,t,r)=>t in e?Rr(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,te=(e,t)=>{for(var r in t||(t={}))Ur.call(t,r)&&ht(e,r,t[r]);if(gt)for(var r of gt(t))_r.call(t,r)&&ht(e,r,t[r]);return e},re=(e,t)=>kr(e,Er(t)),Tr=class extends Error{constructor(e,t,r){super(t||e.toString(),{cause:r}),this.status=e,this.statusText=t,this.error=r}},vr=async(e,t)=>{var r,o,n,i,s,c;let a=t||{},d={onRequest:[t?.onRequest],onResponse:[t?.onResponse],onSuccess:[t?.onSuccess],onError:[t?.onError],onRetry:[t?.onRetry]};if(!t||!t?.plugins)return{url:e,options:a,hooks:d};for(let u of t?.plugins||[]){if(u.init){let h=await((r=u.init)==null?void 0:r.call(u,e.toString(),t));a=h.options||a,e=h.url}d.onRequest.push((o=u.hooks)==null?void 0:o.onRequest),d.onResponse.push((n=u.hooks)==null?void 0:n.onResponse),d.onSuccess.push((i=u.hooks)==null?void 0:i.onSuccess),d.onError.push((s=u.hooks)==null?void 0:s.onError),d.onRetry.push((c=u.hooks)==null?void 0:c.onRetry)}return{url:e,options:a,hooks:d}},wt=class{constructor(e){this.options=e}shouldAttemptRetry(e,t){return this.options.shouldRetry?Promise.resolve(e<this.options.attempts&&this.options.shouldRetry(t)):Promise.resolve(e<this.options.attempts)}getDelay(){return this.options.delay}},Sr=class{constructor(e){this.options=e}shouldAttemptRetry(e,t){return this.options.shouldRetry?Promise.resolve(e<this.options.attempts&&this.options.shouldRetry(t)):Promise.resolve(e<this.options.attempts)}getDelay(e){return Math.min(this.options.maxDelay,this.options.baseDelay*2**e)}};function Or(e){if(typeof e=="number")return new wt({type:"linear",attempts:e,delay:1e3});switch(e.type){case"linear":return new wt(e);case"exponential":return new Sr(e);default:throw new Error("Invalid retry strategy")}}var xr=e=>{let t={},r=o=>typeof o=="function"?o():o;if(e?.auth){if(e.auth.type==="Bearer"){let o=r(e.auth.token);if(!o)return t;t.authorization=`Bearer ${o}`}else if(e.auth.type==="Basic"){let o=r(e.auth.username),n=r(e.auth.password);if(!o||!n)return t;t.authorization=`Basic ${btoa(`${o}:${n}`)}`}else if(e.auth.type==="Custom"){let o=r(e.auth.value);if(!o)return t;t.authorization=`${r(e.auth.prefix)} ${o}`}}return t},At=["get","post","put","patch","delete"];var Pr=/^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;function Lr(e){let t=e.headers.get("content-type"),r=new Set(["image/svg","application/xml","application/xhtml","application/html"]);if(!t)return"json";let o=t.split(";").shift()||"";return Pr.test(o)?"json":r.has(o)||o.startsWith("text/")?"text":"blob"}function Ir(e){try{return JSON.parse(e),!0}catch{return!1}}function Rt(e){if(e===void 0)return!1;let t=typeof e;return t==="string"||t==="number"||t==="boolean"||t===null?!0:t!=="object"?!1:Array.isArray(e)?!0:e.buffer?!1:e.constructor&&e.constructor.name==="Object"||typeof e.toJSON=="function"}function yt(e){try{return JSON.parse(e)}catch{return e}}function bt(e){return typeof e=="function"}function Dr(e){if(e?.customFetchImpl)return e.customFetchImpl;if(typeof globalThis<"u"&&bt(globalThis.fetch))return globalThis.fetch;if(typeof window<"u"&&bt(window.fetch))return window.fetch;throw new Error("No fetch implementation found")}function Cr(e){let t=new Headers(e?.headers),r=xr(e);for(let[o,n]of Object.entries(r||{}))t.set(o,n);if(!t.has("content-type")){let o=jr(e?.body);o&&t.set("content-type",o)}return t}function jr(e){return Rt(e)?"application/json":null}function Nr(e){if(!e?.body)return null;let t=new Headers(e?.headers);return Rt(e.body)&&!t.has("content-type")?JSON.stringify(e.body):e.body}function $r(e,t){var r;if(t?.method)return t.method.toUpperCase();if(e.startsWith("@")){let o=(r=e.split("@")[1])==null?void 0:r.split("/")[0];return At.includes(o)?o.toUpperCase():t?.body?"POST":"GET"}return t?.body?"POST":"GET"}function Br(e,t){let r;return!e?.signal&&e?.timeout&&(r=setTimeout(()=>t?.abort(),e?.timeout)),{abortTimeout:r,clearTimeout:()=>{r&&clearTimeout(r)}}}function Vr(e,t){let{baseURL:r,params:o,query:n}=t||{query:{},params:{},baseURL:""},i=e.startsWith("http")?e.split("/").slice(0,3).join("/"):r;if(!i)throw new TypeError(`Invalid URL ${e}. Are you passing in a relative URL but not setting the baseURL?`);if(e.startsWith("@")){let h=e.toString().split("@")[1].split("/")[0];At.includes(h)&&(e=e.replace(`@${h}/`,"/"))}i.endsWith("/")||(i+="/");let[s,c]=e.replace(i,"").split("?"),a=new URLSearchParams(c);for(let[h,p]of Object.entries(n||{}))a.set(h,String(p));if(o)if(Array.isArray(o)){let h=s.split("/").filter(p=>p.startsWith(":"));for(let[p,l]of h.entries()){let b=o[p];s=s.replace(l,b)}}else for(let[h,p]of Object.entries(o))s=s.replace(`:${h}`,String(p));s=s.split("/").map(encodeURIComponent).join("/"),s.startsWith("/")&&(s=s.slice(1));let d=a.size>0?`?${a}`.replace(/\+/g,"%20"):"";return new URL(`${s}${d}`,i)}var R=async(e,t)=>{var r,o,n,i,s,c,a,d;let{hooks:u,url:h,options:p}=await vr(e,t),l=Dr(p),b=new AbortController,E=(r=p.signal)!=null?r:b.signal,P=Vr(h,p),M=Nr(p),C=Cr(p),m=$r(h,p),f=re(te({},p),{url:P,headers:C,body:M,method:m,signal:E});for(let N of u.onRequest)if(N){let L=await N(f);L instanceof Object&&(f=L)}("pipeTo"in f&&typeof f.pipeTo=="function"||typeof((o=t?.body)==null?void 0:o.pipe)=="function")&&("duplex"in f||(f.duplex="half"));let{clearTimeout:S}=Br(p,b),w=await l(f.url,f);S();let pe={response:w,request:f};for(let N of u.onResponse)if(N){let L=await N(re(te({},pe),{response:(n=t?.hookOptions)!=null&&n.cloneResponse?w.clone():w}));L instanceof Response?w=L:L instanceof Object&&(w=L.response)}if(w.ok){if(!(f.method!=="HEAD"))return{data:"",error:null};let L=Lr(w),W={data:"",response:w,request:f};if(L==="json"||L==="text"){let Q=await w.text(),ur=await((i=f.jsonParser)!=null?i:yt)(Q);W.data=ur}else W.data=await w[L]();f?.output&&f.output&&!f.disableValidation&&(W.data=f.output.parse(W.data));for(let Q of u.onSuccess)Q&&await Q(re(te({},W),{response:(s=t?.hookOptions)!=null&&s.cloneResponse?w.clone():w}));return t?.throw?W.data:{data:W.data,error:null}}let dr=(c=t?.jsonParser)!=null?c:yt,st=await w.text(),Ue=Ir(st)?await dr(st):{},lr={response:w,request:f,error:re(te({},Ue),{status:w.status,statusText:w.statusText})};for(let N of u.onError)N&&await N(re(te({},lr),{response:(a=t?.hookOptions)!=null&&a.cloneResponse?w.clone():w}));if(t?.retry){let N=Or(t.retry),L=(d=t.retryAttempt)!=null?d:0;if(await N.shouldAttemptRetry(L,w)){for(let Q of u.onRetry)Q&&await Q(pe);let W=N.getDelay(L);return await new Promise(Q=>setTimeout(Q,W)),await R(e,re(te({},t),{retryAttempt:L+1}))}}if(t?.throw)throw new Tr(w.status,w.statusText,Ue);return{data:null,error:re(te({},Ue),{status:w.status,statusText:w.statusText})}};var Ot=require("better-call"),K=require("jose");var kt=require("@better-auth/utils/hash"),Et=require("@better-auth/utils/base64");async function Ut(e){let t=await(0,kt.createHash)("SHA-256").digest(e);return Et.base64Url.encode(new Uint8Array(t),{padding:!1})}function he(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?J(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function U({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:s,redirectURI:c,duration:a}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",i.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||c),n){let u=await Ut(n);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",u)}if(s){let u=s.reduce((h,p)=>(h[p]=null,h),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...u}}))}return a&&d.searchParams.set("duration",a),d}var Mr=require("jose");async function k({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n,authentication:i}){let s=new URLSearchParams,c={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",r),i==="basic"){let h=btoa(`${o.clientId}:${o.clientSecret}`);c.authorization=`Basic ${h}`}else s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:a,error:d}=await R(n,{method:"POST",body:s,headers:c});if(d)throw d;return he(a)}var z=require("zod"),Le=require("better-call");var Wr=require("@better-auth/utils/hash"),Qr=require("@noble/ciphers/chacha"),Pe=require("@noble/ciphers/utils"),Zr=require("@noble/ciphers/webcrypto");var zr=require("@better-auth/utils/hash");var _t=require("jose");async function Tt(e,t,r=3600){return await new _t.SignJWT(e).setProtectedHeader({alg:"HS256"}).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+r).sign(new TextEncoder().encode(t))}var Fr=require("@noble/hashes/scrypt"),Hr=require("uncrypto"),Gr=require("@better-auth/utils/hex");var vt=require("@better-auth/utils/random"),ue=(0,vt.createRandomStringGenerator)("a-z","0-9","A-Z","-_");async function we(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?lt(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Le.APIError("BAD_REQUEST",{message:"callbackURL is required"});let o=ue(128),n=ue(32),i=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,newUserURL:e.body?.newUserCallbackURL,link:t,expiresAt:Date.now()+10*60*1e3}),s=new Date;s.setMinutes(s.getMinutes()+10);let c=await e.context.internalAdapter.createVerificationValue({value:i,identifier:n,expiresAt:s});if(!c)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Le.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:c.identifier,codeVerifier:o}}async function St(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=z.z.object({callbackURL:z.z.string(),codeVerifier:z.z.string(),errorURL:z.z.string().optional(),newUserURL:z.z.string().optional(),expiresAt:z.z.number(),link:z.z.object({email:z.z.string(),userId:z.z.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var xt=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=o||["email","name"];return e.scope&&i.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${e.redirectURI||n}&scope=${i.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>k({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let n=(0,K.decodeProtectedHeader)(r),{kid:i,alg:s}=n;if(!i||!s)return!1;let c=await Jr(i),{payload:a}=await(0,K.jwtVerify)(r,c,{algorithms:[s],issuer:"https://appleid.apple.com",audience:e.appBundleIdentifier||e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(d=>{a[d]!==void 0&&(a[d]=!!a[d])}),o&&a.nonce!==o?!1:!!a},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let o=(0,K.decodeJwt)(r.idToken);if(!o)return null;let n=o.user?`${o.user.name.firstName} ${o.user.name.lastName}`:o.email,i=await e.mapProfileToUser?.(o);return{user:{id:o.sub,name:n,emailVerified:!1,email:o.email,...i},data:o}}}},Jr=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:o}=await R(`${t}${r}`);if(!o?.keys)throw new Ot.APIError("BAD_REQUEST",{message:"Keys not found"});let n=o.keys.find(i=>i.kid===e);if(!n)throw new Error(`JWK with kid ${e} not found`);return await(0,K.importJWK)(n,n.alg)};var Pt=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["identify","email"];return e.scope&&n.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}&prompt=${e.prompt||"none"}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}let n=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url,...n},data:r}}});var Lt=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["email","public_profile"];return e.scope&&n.push(...e.scope),await U({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});if(o)return null;let n=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified,...n},data:r}}});var It=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),U({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>k({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:o,error:n}=await R("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1,{data:s}=await R("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});s&&(o.email=(s.find(a=>a.primary)??s[0])?.email,i=s.find(a=>a.email===o.email)?.verified??!1);let c=await e.mapProfileToUser?.(o);return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i,...c},data:o}}}};var Ie=["info","success","warn","error","debug"];function Kr(e,t){return Ie.indexOf(t)<=Ie.indexOf(e)}var F={reset:"\x1B[0m",bright:"\x1B[1m",dim:"\x1B[2m",underscore:"\x1B[4m",blink:"\x1B[5m",reverse:"\x1B[7m",hidden:"\x1B[8m",fg:{black:"\x1B[30m",red:"\x1B[31m",green:"\x1B[32m",yellow:"\x1B[33m",blue:"\x1B[34m",magenta:"\x1B[35m",cyan:"\x1B[36m",white:"\x1B[37m"},bg:{black:"\x1B[40m",red:"\x1B[41m",green:"\x1B[42m",yellow:"\x1B[43m",blue:"\x1B[44m",magenta:"\x1B[45m",cyan:"\x1B[46m",white:"\x1B[47m"}},Yr={info:F.fg.blue,success:F.fg.green,warn:F.fg.yellow,error:F.fg.red,debug:F.fg.magenta},Xr=(e,t)=>{let r=new Date().toISOString();return`${F.dim}${r}${F.reset} ${Yr[e]}${e.toUpperCase()}${F.reset} ${F.bright}[Better Auth]:${F.reset} ${t}`},eo=e=>{let t=e?.disabled!==!0,r=e?.level??"error",o=(n,i,s=[])=>{if(!t||!Kr(r,n))return;let c=Xr(n,i);if(!e||typeof e.log!="function"){n==="error"?console.error(c,...s):n==="warn"?console.warn(c,...s):console.log(c,...s);return}e.log(n==="success"?"info":n,c,...s)};return Object.fromEntries(Ie.map(n=>[n,(...[i,...s])=>o(n,i,s)]))},$=eo();var Dt=require("jose"),Ct=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw $.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new Z("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new Z("codeVerifier is required for Google");let i=r||["email","profile","openid"];e.scope&&i.push(...e.scope);let s=await U({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n});return e.accessType&&s.searchParams.set("access_type",e.accessType),e.prompt&&s.searchParams.set("prompt",e.prompt),s},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:n}=await R(o);return n?n.aud===e.clientId&&n.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=(0,Dt.decodeJwt)(t.idToken),o=await e.mapProfileToUser?.(r);return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified,...o},data:r}}});var jt=require("jose"),Nt=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=n.scopes||["openid","profile","email","User.Read"];return e.scope&&i.push(...e.scope),U({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return k({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){if(e.getUserInfo)return e.getUserInfo(n);if(!n.idToken)return null;let i=(0,jt.decodeJwt)(n.idToken),s=e.profilePhotoSize||48;await R(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(a){if(!(e.disableProfilePhoto||!a.response.ok))try{let u=await a.response.clone().arrayBuffer(),h=Buffer.from(u).toString("base64");i.picture=`data:image/jpeg;base64, ${h}`}catch(d){$.error(d&&typeof d=="object"&&"name"in d?d.name:"",d)}}});let c=await e.mapProfileToUser?.(i);return{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0,...c},data:i}}}};var $t=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=r||["user-read-email"];return e.scope&&i.push(...e.scope),U({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});if(o)return null;let n=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1,...n},data:r}}});var ie={isAction:!1};var Bt=require("@better-auth/utils/random"),Vt=e=>(0,Bt.createRandomStringGenerator)("a-z","A-Z","0-9")(e||32);var Mt=require("jose"),qt=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["user:read:email","openid"];return e.scope&&n.push(...e.scope),U({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return $.error("No idToken found in token"),null;let o=(0,Mt.decodeJwt)(r),n=await e.mapProfileToUser?.(o);return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1,...n},data:o}}});var zt=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),U({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});if(o)return null;let n=await e.mapProfileToUser?.(r);return{user:{id:r.data.id,name:r.data.name,email:r.data.username||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1,...n},data:r}}});var Ft=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:n,redirectURI:i})=>{let s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await U({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>await k({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:o,error:n}=await R("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=await e.mapProfileToUser?.(o);return{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url,...i},data:o}}}};var Ht=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:n,redirectURI:i})=>{let s=n||["profile","email","openid"];return e.scope&&s.push(...e.scope),await U({id:"linkedin",options:e,authorizationEndpoint:t,scopes:s,state:o,redirectURI:i})},validateAuthorizationCode:async({code:o,redirectURI:n})=>await k({code:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:n,error:i}=await R("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});if(i)return null;let s=await e.mapProfileToUser?.(n);return{user:{id:n.sub,name:n.name,email:n.email,emailVerified:n.email_verified||!1,image:n.picture,...s},data:n}}}};var De=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),to=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:De(`${t}/oauth/authorize`),tokenEndpoint:De(`${t}/oauth/token`),userinfoEndpoint:De(`${t}/api/v4/user`)}},Gt=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=to(e.issuer),n="gitlab";return{id:n,name:"Gitlab",createAuthorizationURL:async({state:s,scopes:c,codeVerifier:a,redirectURI:d})=>{let u=c||["read_user"];return e.scope&&u.push(...e.scope),await U({id:n,options:e,authorizationEndpoint:t,scopes:u,state:s,redirectURI:d,codeVerifier:a})},validateAuthorizationCode:async({code:s,redirectURI:c,codeVerifier:a})=>k({code:s,redirectURI:e.redirectURI||c,options:e,codeVerifier:a,tokenEndpoint:r}),async getUserInfo(s){if(e.getUserInfo)return e.getUserInfo(s);let{data:c,error:a}=await R(o,{headers:{authorization:`Bearer ${s.accessToken}`}});if(a||c.state!=="active"||c.locked)return null;let d=await e.mapProfileToUser?.(c);return{user:{id:c.id.toString(),name:c.name??c.username,email:c.email,image:c.avatar_url,emailVerified:!0,...d},data:c}}}};var Wt=e=>({id:"reddit",name:"Reddit",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["identity"];return e.scope&&n.push(...e.scope),U({id:"reddit",options:e,authorizationEndpoint:"https://www.reddit.com/api/v1/authorize",scopes:n,state:t,redirectURI:o,duration:e.duration})},validateAuthorizationCode:async({code:t,redirectURI:r})=>{let o=new URLSearchParams({grant_type:"authorization_code",code:t,redirect_uri:e.redirectURI||r}),n={"content-type":"application/x-www-form-urlencoded",accept:"text/plain","user-agent":"better-auth",Authorization:`Basic ${Buffer.from(`${e.clientId}:${e.clientSecret}`).toString("base64")}`},{data:i,error:s}=await R("https://www.reddit.com/api/v1/access_token",{method:"POST",headers:n,body:o.toString()});if(s)throw s;return he(i)},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://oauth.reddit.com/api/v1/me",{headers:{Authorization:`Bearer ${t.accessToken}`,"User-Agent":"better-auth"}});if(o)return null;let n=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.name,email:r.oauth_client_id,emailVerified:r.has_verified_email,image:r.icon_img?.split("?")[0],...n},data:r}}});var Qt=require("zod"),ro={apple:xt,discord:Pt,facebook:Lt,github:It,microsoft:Nt,google:Ct,spotify:$t,twitch:qt,twitter:zt,dropbox:Ft,linkedin:Ht,gitlab:Gt,reddit:Wt},Ce=Object.keys(ro),Zt=Qt.z.enum(Ce,{description:"OAuth2 provider to use"});var B=require("zod");var se=require("better-call");var H=require("better-call");var Y=require("zod");function Jt(e){try{return JSON.parse(e)}catch{return null}}var g={USER_NOT_FOUND:"User not found",FAILED_TO_CREATE_USER:"Failed to create user",FAILED_TO_CREATE_SESSION:"Failed to create session",FAILED_TO_UPDATE_USER:"Failed to update user",FAILED_TO_GET_SESSION:"Failed to get session",INVALID_PASSWORD:"Invalid password",INVALID_EMAIL:"Invalid email",INVALID_EMAIL_OR_PASSWORD:"Invalid email or password",SOCIAL_ACCOUNT_ALREADY_LINKED:"Social account already linked",PROVIDER_NOT_FOUND:"Provider not found",INVALID_TOKEN:"invalid token",ID_TOKEN_NOT_SUPPORTED:"id_token not supported",FAILED_TO_GET_USER_INFO:"Failed to get user info",USER_EMAIL_NOT_FOUND:"User email not found",EMAIL_NOT_VERIFIED:"Email not verified",PASSWORD_TOO_SHORT:"Password too short",PASSWORD_TOO_LONG:"Password too long",USER_ALREADY_EXISTS:"User already exists",EMAIL_CAN_NOT_BE_UPDATED:"Email can not be updated",CREDENTIAL_ACCOUNT_NOT_FOUND:"Credential account not found",SESSION_EXPIRED:"Session expired. Re-authenticate to perform this action."};var Kt=require("@better-auth/utils/hmac"),Yt=require("@better-auth/utils/base64"),Xt=require("@better-auth/utils/binary"),ye=()=>A("/get-session",{method:"GET",query:Y.z.optional(Y.z.object({disableCookieCache:Y.z.boolean({description:"Disable cookie cache and fetch session from database"}).or(Y.z.string().transform(e=>e==="true")).optional(),disableRefresh:Y.z.boolean({description:"Disable session refresh. Useful for checking session status, without updating the session"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?Jt(Xt.binary.decode(Yt.base64.decode(r))):null;if(o&&!await(0,Kt.createHMAC)("SHA-256","base64urlnopad").verify(e.context.secret,JSON.stringify(o.session),o.signature))return q(e),e.json(null);let n=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let u=o.session;if(o.expiresAt<Date.now()||u.session.expiresAt<new Date){let p=e.context.authCookies.sessionData.name;e.setCookie(p,"",{maxAge:0})}else return e.json(u)}let i=await e.context.internalAdapter.findSession(t);if(e.context.session=i,!i||i.session.expiresAt<new Date)return q(e),i&&await e.context.internalAdapter.deleteSession(i.session.token),e.json(null);if(n||e.query?.disableRefresh)return e.json(i);let s=e.context.sessionConfig.expiresIn,c=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-s*1e3+c*1e3<=Date.now()){let u=await e.context.internalAdapter.updateSession(i.session.token,{expiresAt:J(e.context.sessionConfig.expiresIn,"sec")});if(!u)return q(e),e.json(null,{status:401});let h=(u.expiresAt.valueOf()-Date.now())/1e3;return await I(e,{session:u,user:i.user},!1,{maxAge:h}),e.json({session:u,user:i.user})}return await xe(e,i),e.json(i)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new H.APIError("INTERNAL_SERVER_ERROR",{message:g.FAILED_TO_GET_SESSION})}}),X=async(e,t)=>{if(e.context.session)return e.context.session;let r=await ye()({...e,_flag:"json",headers:e.headers,query:t}).catch(o=>null);return e.context.session=r,r},D=ne(async e=>{let t=await X(e);if(!t?.session)throw new H.APIError("UNAUTHORIZED");return{session:t}}),oo=ne(async e=>{let t=await X(e);if(!t?.session)throw new H.APIError("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,o=t.session.updatedAt?.valueOf()||t.session.createdAt.valueOf();if(!(Date.now()-o<r*1e3))throw new H.APIError("FORBIDDEN",{message:"Session is not fresh"});return{session:t}}),je=()=>A("/list-sessions",{method:"GET",use:[D],requireHeaders:!0,metadata:{openapi:{description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}}}}}}}}}},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ne=A("/revoke-session",{method:"POST",body:Y.z.object({token:Y.z.string({description:"The token to revoke"})}),use:[D],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new H.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new H.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o&&typeof o=="object"&&"name"in o?o.name:"",o),new H.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),$e=A("/revoke-sessions",{method:"POST",use:[D],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new H.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Be=A("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[D],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new H.APIError("UNAUTHORIZED");let n=(await e.context.internalAdapter.listSessions(t.user.id)).filter(i=>i.expiresAt>new Date).filter(i=>i.token!==e.context.session.session.token);return await Promise.all(n.map(i=>e.context.internalAdapter.deleteSession(i.token))),e.json({status:!0})});var er=require("jose");async function V(e,t,r){return await Tt({email:t.toLowerCase(),updateTo:r},e)}async function tr(e,t){if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new se.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await V(e.context.secret,t.email),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification.sendVerificationEmail({user:t,url:o,token:r},e.request)}var Ve=A("/send-verification-email",{method:"POST",query:B.z.object({currentURL:B.z.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:B.z.object({email:B.z.string({description:"The email to send the verification email to"}).email(),callbackURL:B.z.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new se.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new se.APIError("BAD_REQUEST",{message:g.USER_NOT_FOUND});return await tr(e,r.user),e.json({status:!0})}),Me=A("/verify-email",{method:"GET",query:B.z.object({token:B.z.string({description:"The token to verify the email"}),callbackURL:B.z.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(c){throw e.query.callbackURL?e.query.callbackURL.includes("?")?e.redirect(`${e.query.callbackURL}&error=${c}`):e.redirect(`${e.query.callbackURL}?error=${c}`):new se.APIError("UNAUTHORIZED",{message:c})}let{token:r}=e.query,o;try{o=await(0,er.jwtVerify)(r,new TextEncoder().encode(e.context.secret),{algorithms:["HS256"]})}catch(c){return e.context.logger.error("Failed to verify email",c),t("invalid_token")}let i=B.z.object({email:B.z.string().email(),updateTo:B.z.string().optional()}).parse(o.payload),s=await e.context.internalAdapter.findUserByEmail(i.email);if(!s)return t("user_not_found");if(i.updateTo){let c=await X(e);if(!c){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(c.user.email!==i.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let a=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo,emailVerified:!1}),d=await V(e.context.secret,i.updateTo);if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:a,url:`${e.context.baseURL}/verify-email?token=${d}`,token:d},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification){let c=await X(e);if(!c||c.user.email!==i.email){let a=await e.context.internalAdapter.createSession(s.user.id,e.request);if(!a)throw new se.APIError("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await I(e,{session:a,user:s.user})}}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({status:!0})});async function be(e,{userInfo:t,account:r,callbackURL:o}){let n=await e.context.internalAdapter.findOAuthUser(t.email.toLowerCase(),r.accountId,r.providerId).catch(a=>{throw $.error(`Better auth was unable to query your database.
3
3
  Error: `,a),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),i=n?.user,s=!i;if(n){let a=n.accounts.find(d=>d.providerId===r.providerId);if(a){let d=Object.fromEntries(Object.entries({accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt}).filter(([u,h])=>h!==void 0));Object.keys(d).length>0&&await e.context.internalAdapter.updateAccount(a.id,d)}else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return ge&&$.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:n.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(h){return $.error("Unable to link account",h),{error:"unable to link account",data:null}}}}else try{if(i=await e.context.internalAdapter.createOAuthUser({...t,email:t.email.toLowerCase(),id:void 0},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(a=>a?.user),!t.emailVerified&&i&&e.context.options.emailVerification?.sendOnSignUp){let a=await V(e.context.secret,i.email),d=`${e.context.baseURL}/verify-email?token=${a}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:i,url:d,token:a},e.request)}}catch(a){return a instanceof Ae.APIError?{error:a.message,data:null,isRegister:!1}:{error:"unable to create user",data:null,isRegister:!1}}if(!i)return{error:"unable to create user",data:null,isRegister:!1};let c=await e.context.internalAdapter.createSession(i.id,e.request);return c?{data:{session:c,user:i},error:null,isRegister:s}:{error:"unable to create session",data:null,isRegister:!1}}var qe=A("/sign-in/social",{method:"POST",query:v.z.object({currentURL:v.z.string().optional()}).optional(),body:v.z.object({callbackURL:v.z.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),newUserCallbackURL:v.z.string().optional(),errorCallbackURL:v.z.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:Zt,disableRedirect:v.z.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:v.z.optional(v.z.object({token:v.z.string({description:"ID token from the provider"}),nonce:v.z.string({description:"Nonce used to generate the token"}).optional(),accessToken:v.z.string({description:"Access token from the provider"}).optional(),refreshToken:v.z.string({description:"Refresh token from the provider"}).optional(),expiresAt:v.z.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(i=>i.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new x.APIError("NOT_FOUND",{message:g.PROVIDER_NOT_FOUND});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new x.APIError("NOT_FOUND",{message:g.ID_TOKEN_NOT_SUPPORTED});let{token:i,nonce:s}=e.body.idToken;if(!await t.verifyIdToken(i,s))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new x.APIError("UNAUTHORIZED",{message:g.INVALID_TOKEN});let a=await t.getUserInfo({idToken:i,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!a||!a?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new x.APIError("UNAUTHORIZED",{message:g.FAILED_TO_GET_USER_INFO});if(!a.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new x.APIError("UNAUTHORIZED",{message:g.USER_EMAIL_NOT_FOUND});let d=await be(e,{userInfo:{email:a.user.email,id:a.user.id,name:a.user.name||"",image:a.user.image,emailVerified:a.user.emailVerified||!1},account:{providerId:t.id,accountId:a.user.id,accessToken:e.body.idToken.accessToken}});if(d.error)throw new x.APIError("UNAUTHORIZED",{message:d.error});return await I(e,d.data),e.json({token:d.data.session.token,url:void 0,redirect:!1})}let{codeVerifier:r,state:o}=await we(e),n=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:n.toString(),redirect:!e.body.disableRedirect})}),ze=A("/sign-in/email",{method:"POST",body:v.z.object({email:v.z.string({description:"Email of the user"}),password:v.z.string({description:"Password of the user"}),callbackURL:v.z.string({description:"Callback URL to use as a redirect for email verification"}).optional(),rememberMe:v.z.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new x.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!v.z.string().email().safeParse(t).success)throw new x.APIError("BAD_REQUEST",{message:g.INVALID_EMAIL});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new x.APIError("UNAUTHORIZED",{message:g.INVALID_EMAIL_OR_PASSWORD});let i=n.accounts.find(d=>d.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new x.APIError("UNAUTHORIZED",{message:g.INVALID_EMAIL_OR_PASSWORD});let s=i?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new x.APIError("UNAUTHORIZED",{message:g.INVALID_EMAIL_OR_PASSWORD});if(!await e.context.password.verify({hash:s,password:r}))throw e.context.logger.error("Invalid password"),new x.APIError("UNAUTHORIZED",{message:g.INVALID_EMAIL_OR_PASSWORD});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new x.APIError("UNAUTHORIZED",{message:g.EMAIL_NOT_VERIFIED});let d=await V(e.context.secret,n.user.email),u=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:n.user,url:u,token:d},e.request),new x.APIError("FORBIDDEN",{message:g.EMAIL_NOT_VERIFIED})}let a=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.rememberMe===!1);if(!a)throw e.context.logger.error("Failed to create session"),new x.APIError("UNAUTHORIZED",{message:g.FAILED_TO_CREATE_SESSION});return await I(e,{session:a,user:n.user},e.body.rememberMe===!1),e.json({user:{id:n.user.id,email:n.user.email,name:n.user.name,image:n.user.image,emailVerified:n.user.emailVerified,createdAt:n.user.createdAt,updatedAt:n.user.updatedAt},token:a.token,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var ae=require("zod");var Re=ae.z.object({code:ae.z.string().optional(),error:ae.z.string().optional(),error_description:ae.z.string().optional(),state:ae.z.string().optional()}),Fe=A("/callback/:id",{method:["GET","POST"],body:Re.optional(),query:Re.optional(),metadata:ie},async e=>{let t;try{if(e.method==="GET")t=Re.parse(e.query);else if(e.method==="POST")t=Re.parse(e.body);else throw new Error("Unsupported method")}catch(m){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",m),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:o,state:n,error_description:i}=t;if(!n)throw e.context.logger.error("State not found",o),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${o||"no_code"}&error_description=${i}`);let s=e.context.socialProviders.find(m=>m.id===e.params.id);if(!s)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:c,callbackURL:a,link:d,errorURL:u,newUserURL:h}=await St(e),p;try{p=await s.validateAuthorizationCode({code:r,codeVerifier:c,redirectURI:`${e.context.baseURL}/callback/${s.id}`})}catch(m){throw e.context.logger.error("",m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let l=await s.getUserInfo(p).then(m=>m?.user);function b(m){let f=u||a||`${e.context.baseURL}/error`;throw f.includes("?")?f=`${f}&error=${m}`:f=`${f}?error=${m}`,e.redirect(f)}if(!l)return e.context.logger.error("Unable to get user info"),b("unable_to_get_user_info");if(!l.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),b("email_not_found");if(!a)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(d){if(d.email!==l.email.toLowerCase())return b("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:d.userId,providerId:s.id,accountId:l.id}))return b("unable_to_link_account");let f;try{f=a.toString()}catch{f=a}throw e.redirect(f)}let E=await be(e,{userInfo:{...l,email:l.email,name:l.name||l.email},account:{providerId:s.id,accountId:l.id,...p,scope:p.scopes?.join(",")},callbackURL:a});if(E.error)return e.context.logger.error(E.error.split(" ").join("_")),b(E.error.split(" ").join("_"));let{session:P,user:M}=E.data;await I(e,{session:P,user:M});let C;try{C=(E.isRegister&&h||a).toString()}catch{C=E.isRegister&&h||a}throw e.redirect(C)});var Ss=require("zod");var rr=require("better-call");var He=A("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw q(e),new rr.APIError("BAD_REQUEST",{message:g.FAILED_TO_GET_SESSION});return await e.context.internalAdapter.deleteSession(t),q(e),e.json({success:!0})});var j=require("zod");var ce=require("better-call");function or(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([n,i])=>o.searchParams.set(n,i)),o.href}function no(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([n,i])=>o.searchParams.set(n,i)),o.href}var Ge=A("/forget-password",{method:"POST",body:j.z.object({email:j.z.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:j.z.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ce.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=J(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n,"sec"),s=Vt(24);await e.context.internalAdapter.createVerificationValue({value:o.user.id.toString(),identifier:`reset-password:${s}`,expiresAt:i});let c=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:c,token:s},e.request),e.json({status:!0})}),We=A("/reset-password/:token",{method:"GET",query:j.z.object({callbackURL:j.z.string({description:"The URL to redirect the user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(or(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(or(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(no(e.context,r,{token:t}))}),Qe=A("/reset-password",{query:j.z.optional(j.z.object({token:j.z.string().optional(),currentURL:j.z.string().optional()})),method:"POST",body:j.z.object({newPassword:j.z.string({description:"The new password to set"}),token:j.z.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ce.APIError("BAD_REQUEST",{message:g.INVALID_TOKEN});let{newPassword:r}=e.body,o=e.context.password?.config.minPasswordLength,n=e.context.password?.config.maxPasswordLength;if(r.length<o)throw new ce.APIError("BAD_REQUEST",{message:g.PASSWORD_TOO_SHORT});if(r.length>n)throw new ce.APIError("BAD_REQUEST",{message:g.PASSWORD_TOO_LONG});let i=`reset-password:${t}`,s=await e.context.internalAdapter.findVerificationValue(i);if(!s||s.expiresAt<new Date)throw new ce.APIError("BAD_REQUEST",{message:g.INVALID_TOKEN});await e.context.internalAdapter.deleteVerificationValue(s.id);let c=s.value,a=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(c)).find(h=>h.providerId==="credential")?(await e.context.internalAdapter.updatePassword(c,a),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:c,providerId:"credential",password:a,accountId:c}),e.json({status:!0}))});var _=require("zod");var T=require("better-call");var y=require("zod"),nr=require("better-call"),Bs=y.z.object({id:y.z.string(),providerId:y.z.string(),accountId:y.z.string(),userId:y.z.string(),accessToken:y.z.string().nullish(),refreshToken:y.z.string().nullish(),idToken:y.z.string().nullish(),accessTokenExpiresAt:y.z.date().nullish(),refreshTokenExpiresAt:y.z.date().nullish(),scope:y.z.string().nullish(),password:y.z.string().nullish(),createdAt:y.z.date().default(()=>new Date),updatedAt:y.z.date().default(()=>new Date)}),Vs=y.z.object({id:y.z.string(),email:y.z.string().transform(e=>e.toLowerCase()),emailVerified:y.z.boolean().default(!1),name:y.z.string(),image:y.z.string().nullish(),createdAt:y.z.date().default(()=>new Date),updatedAt:y.z.date().default(()=>new Date)}),Ms=y.z.object({id:y.z.string(),userId:y.z.string(),expiresAt:y.z.date(),createdAt:y.z.date().default(()=>new Date),updatedAt:y.z.date().default(()=>new Date),token:y.z.string(),ipAddress:y.z.string().nullish(),userAgent:y.z.string().nullish()}),qs=y.z.object({id:y.z.string(),value:y.z.string(),createdAt:y.z.date().default(()=>new Date),updatedAt:y.z.date().default(()=>new Date),expiresAt:y.z.date(),identifier:y.z.string()});function io(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function so(e,t){let r=t.action||"create",o=t.fields,n={};for(let i in o){if(i in e){if(o[i].input===!1){if(o[i].defaultValue){n[i]=o[i].defaultValue;continue}continue}if(o[i].validator?.input&&e[i]!==void 0){n[i]=o[i].validator.input.parse(e[i]);continue}if(o[i].transform?.input&&e[i]!==void 0){n[i]=o[i].transform?.input(e[i]);continue}n[i]=e[i];continue}if(o[i].defaultValue&&r==="create"){n[i]=o[i].defaultValue;continue}if(o[i].required&&r==="create")throw new nr.APIError("BAD_REQUEST",{message:`${i} is required`})}return n}function ke(e,t,r){let o=io(e,"user");return so(t||{},{fields:o,action:r})}var Ze=()=>A("/update-user",{method:"POST",body:_.z.record(_.z.string(),_.z.any()),use:[D],metadata:{openapi:{description:"Update the current user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"}}}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"}}}}}}}}}},async e=>{let t=e.body;if(t.email)throw new T.APIError("BAD_REQUEST",{message:g.EMAIL_CAN_NOT_BE_UPDATED});let{name:r,image:o,...n}=t,i=e.context.session;if(o===void 0&&r===void 0&&Object.keys(n).length===0)return e.json({status:!0});let s=ke(e.context.options,n,"update"),c=await e.context.internalAdapter.updateUserByEmail(i.user.email,{name:r,image:o,...s});return await I(e,{session:i.session,user:c}),e.json({status:!0})}),Je=A("/change-password",{method:"POST",body:_.z.object({newPassword:_.z.string({description:"The new password to set"}),currentPassword:_.z.string({description:"The current password"}),revokeOtherSessions:_.z.boolean({description:"Revoke all other sessions"}).optional()}),use:[D],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new T.APIError("BAD_REQUEST",{message:g.PASSWORD_TOO_SHORT});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new T.APIError("BAD_REQUEST",{message:g.PASSWORD_TOO_LONG});let a=(await e.context.internalAdapter.findAccounts(n.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!a||!a.password)throw new T.APIError("BAD_REQUEST",{message:g.CREDENTIAL_ACCOUNT_NOT_FOUND});let d=await e.context.password.hash(t);if(!await e.context.password.verify({hash:a.password,password:r}))throw new T.APIError("BAD_REQUEST",{message:g.INVALID_PASSWORD});await e.context.internalAdapter.updateAccount(a.id,{password:d});let h=null;if(o){await e.context.internalAdapter.deleteSessions(n.user.id);let p=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!p)throw new T.APIError("INTERNAL_SERVER_ERROR",{message:g.FAILED_TO_GET_SESSION});await I(e,{session:p,user:n.user}),h=p.token}return e.json({token:h})}),Ke=A("/set-password",{method:"POST",body:_.z.object({newPassword:_.z.string()}),metadata:{SERVER_ONLY:!0},use:[D]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new T.APIError("BAD_REQUEST",{message:g.PASSWORD_TOO_SHORT});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new T.APIError("BAD_REQUEST",{message:g.PASSWORD_TOO_LONG});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),c=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json({status:!0});throw new T.APIError("BAD_REQUEST",{message:"user already has a password"})}),Ye=A("/delete-user",{method:"POST",use:[D],body:_.z.object({callbackURL:_.z.string().optional(),password:_.z.string().optional(),token:_.z.string().optional()}),metadata:{openapi:{description:"Delete the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{if(!e.context.options.user?.deleteUser?.enabled)throw e.context.logger.error("Delete user is disabled. Enable it in the options",{session:e.context.session}),new T.APIError("NOT_FOUND");let t=e.context.session;if(e.body.password){let i=(await e.context.internalAdapter.findAccounts(t.user.id)).find(c=>c.providerId==="credential"&&c.password);if(!i||!i.password)throw new T.APIError("BAD_REQUEST",{message:g.CREDENTIAL_ACCOUNT_NOT_FOUND});if(!await e.context.password.verify({hash:i.password,password:e.body.password}))throw new T.APIError("BAD_REQUEST",{message:g.INVALID_PASSWORD})}else if(e.context.options.session?.freshAge){let n=t.session.createdAt.getTime(),i=e.context.options.session.freshAge;if(Date.now()-n>i)throw new T.APIError("BAD_REQUEST",{message:g.SESSION_EXPIRED})}if(e.body.token)return await Ee({...e,query:{token:e.body.token}}),e.json({success:!0,message:"User deleted"});if(e.context.options.user.deleteUser?.sendDeleteAccountVerification){let n=ue(32,"0-9","a-z");await e.context.internalAdapter.createVerificationValue({value:t.user.id,identifier:`delete-account-${n}`,expiresAt:new Date(Date.now()+1e3*60*60*24)});let i=`${e.context.baseURL}/delete-user/callback?token=${n}&callbackURL=${e.body.callbackURL||"/"}`;return await e.context.options.user.deleteUser.sendDeleteAccountVerification({user:t.user,url:i,token:n},e.request),e.json({success:!0,message:"Verification email sent"})}let r=e.context.options.user.deleteUser?.beforeDelete;r&&await r(t.user,e.request),await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),await e.context.internalAdapter.deleteAccounts(t.user.id),q(e);let o=e.context.options.user.deleteUser?.afterDelete;return o&&await o(t.user,e.request),e.json({success:!0,message:"User deleted"})}),Ee=A("/delete-user/callback",{method:"GET",query:_.z.object({token:_.z.string(),callbackURL:_.z.string().optional()})},async e=>{if(!e.context.options.user?.deleteUser?.enabled)throw e.context.logger.error("Delete user is disabled. Enable it in the options"),new T.APIError("NOT_FOUND");let t=await X(e);if(!t)throw new T.APIError("NOT_FOUND",{message:g.FAILED_TO_GET_USER_INFO});let r=await e.context.internalAdapter.findVerificationValue(`delete-account-${e.query.token}`);if(!r||r.expiresAt<new Date)throw r&&await e.context.internalAdapter.deleteVerificationValue(r.id),new T.APIError("NOT_FOUND",{message:g.INVALID_TOKEN});if(r.value!==t.user.id)throw new T.APIError("NOT_FOUND",{message:g.INVALID_TOKEN});let o=e.context.options.user.deleteUser?.beforeDelete;o&&await o(t.user,e.request),await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),await e.context.internalAdapter.deleteAccounts(t.user.id),await e.context.internalAdapter.deleteVerificationValue(r.id),q(e);let n=e.context.options.user.deleteUser?.afterDelete;if(n&&await n(t.user,e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL||"/");return e.json({success:!0,message:"User deleted"})}),Xe=A("/change-email",{method:"POST",query:_.z.object({currentURL:_.z.string().optional()}).optional(),body:_.z.object({newEmail:_.z.string({description:"The new email to set"}).email(),callbackURL:_.z.string({description:"The URL to redirect to after email verification"}).optional()}),use:[D],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new T.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new T.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new T.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let n=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new T.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await V(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({status:!0})});var ao=(e="Unknown")=>`<!DOCTYPE html>
4
4
  <html lang="en">
package/dist/api.js CHANGED
@@ -1,4 +1,4 @@
1
- import{APIError as J,createRouter as to,getCookie as ro,getSignedCookie as oo,setCookie as no,setSignedCookie as io}from"better-call";import{APIError as Wt}from"better-call";import{createEndpointCreator as qt,createMiddleware as Oe,createMiddlewareCreator as zt}from"better-call";var xe=Oe(async()=>({})),oe=zt({use:[xe,Oe(async()=>({}))]}),A=qt({use:[xe]});function Ae(e){return e==="-"||e==="^"||e==="$"||e==="+"||e==="."||e==="("||e===")"||e==="|"||e==="["||e==="]"||e==="{"||e==="}"||e==="*"||e==="?"||e==="\\"?`\\${e}`:e}function Ft(e){let t="";for(let r=0;r<e.length;r++)t+=Ae(e[r]);return t}function Pe(e,t=!0){if(Array.isArray(e))return`(?:${e.map(u=>`^${Pe(u,t)}$`).join("|")})`;let r="",o="",i=".";t===!0?(r="/",o="[/\\\\]",i="[^/\\\\]"):t&&(r=t,o=Ft(r),o.length>1?(o=`(?:${o})`,i=`((?!${o}).)`):i=`[^${o}]`);let n=t?`${o}+?`:"",s=t?`${o}*?`:"",c=t?e.split(r):[e],a="";for(let d=0;d<c.length;d++){let u=c[d],h=c[d+1],p="";if(!(!u&&d>0)){if(t&&(d===c.length-1?p=s:h!=="**"?p=n:p=""),t&&u==="**"){p&&(a+=d===0?"":p,a+=`(?:${i}*?${p})*?`);continue}for(let l=0;l<u.length;l++){let y=u[l];y==="\\"?l<u.length-1&&(a+=Ae(u[l+1]),l++):y==="?"?a+=i:y==="*"?a+=`${i}*?`:a+=Ae(y)}a+=p}}return a}function Ht(e,t){if(typeof t!="string")throw new TypeError(`Sample must be a string, but ${typeof t} given`);return e.test(t)}function ue(e,t){if(typeof e!="string"&&!Array.isArray(e))throw new TypeError(`The first argument must be a single pattern string or an array of patterns, but ${typeof e} given`);if((typeof t=="string"||typeof t=="boolean")&&(t={separator:t}),arguments.length===2&&!(typeof t>"u"||typeof t=="object"&&t!==null&&!Array.isArray(t)))throw new TypeError(`The second argument must be an options object or a string/boolean separator, but ${typeof t} given`);if(t=t||{},t.separator==="\\")throw new Error("\\ is not a valid separator because it is used for escaping. Try setting the separator to `true` instead");let r=Pe(e,t.separator),o=new RegExp(`^${r}$`,t.flags),i=Ht.bind(null,o);return i.options=t,i.pattern=e,i.regexp=o,i}var pe=Object.create(null),ne=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?pe:globalThis),Le=new Proxy(pe,{get(e,t){return ne()[t]??pe[t]},has(e,t){let r=ne();return t in r||t in pe},set(e,t,r){let o=ne(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=ne(!0);return delete r[t],!0},ownKeys(){let e=ne(!0);return Object.keys(e)}});function Gt(e){return e?e!=="false":!1}var Re=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var me=Re==="dev"||Re==="development",Ie=Re==="test"||Gt(Le.TEST);var Q=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};function De(e){try{return new URL(e).origin}catch{return null}}function Ce(e){return e.includes("://")?new URL(e).host:e}var je=oe(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,c=r?.currentURL,a=t?.errorCallbackURL,d=t?.newUserCallbackURL,u=o.trustedOrigins,h=e.headers?.has("cookie"),p=(y,E)=>y.startsWith("/")?!1:E.includes("*")?ue(E)(Ce(y)):y.startsWith(E),l=(y,E)=>{if(!y)return;if(!u.some(B=>p(y,B)||y?.startsWith("/")&&E!=="origin"&&!y.includes(":")))throw e.context.logger.error(`Invalid ${E}: ${y}`),e.context.logger.info(`If it's a valid URL, please add ${y} to trustedOrigins in your auth config
1
+ import{APIError as J,createRouter as to,getCookie as ro,getSignedCookie as oo,setCookie as no,setSignedCookie as io}from"better-call";import{APIError as Wt}from"better-call";import{createEndpointCreator as qt,createMiddleware as Oe,createMiddlewareCreator as zt}from"better-call";var xe=Oe(async()=>({})),oe=zt({use:[xe,Oe(async()=>({}))]}),A=qt({use:[xe]});function Ae(e){return e==="-"||e==="^"||e==="$"||e==="+"||e==="."||e==="("||e===")"||e==="|"||e==="["||e==="]"||e==="{"||e==="}"||e==="*"||e==="?"||e==="\\"?`\\${e}`:e}function Ft(e){let t="";for(let r=0;r<e.length;r++)t+=Ae(e[r]);return t}function Pe(e,t=!0){if(Array.isArray(e))return`(?:${e.map(u=>`^${Pe(u,t)}$`).join("|")})`;let r="",o="",i=".";t===!0?(r="/",o="[/\\\\]",i="[^/\\\\]"):t&&(r=t,o=Ft(r),o.length>1?(o=`(?:${o})`,i=`((?!${o}).)`):i=`[^${o}]`);let n=t?`${o}+?`:"",s=t?`${o}*?`:"",c=t?e.split(r):[e],a="";for(let d=0;d<c.length;d++){let u=c[d],h=c[d+1],p="";if(!(!u&&d>0)){if(t&&(d===c.length-1?p=s:h!=="**"?p=n:p=""),t&&u==="**"){p&&(a+=d===0?"":p,a+=`(?:${i}*?${p})*?`);continue}for(let l=0;l<u.length;l++){let y=u[l];y==="\\"?l<u.length-1&&(a+=Ae(u[l+1]),l++):y==="?"?a+=i:y==="*"?a+=`${i}*?`:a+=Ae(y)}a+=p}}return a}function Ht(e,t){if(typeof t!="string")throw new TypeError(`Sample must be a string, but ${typeof t} given`);return e.test(t)}function ue(e,t){if(typeof e!="string"&&!Array.isArray(e))throw new TypeError(`The first argument must be a single pattern string or an array of patterns, but ${typeof e} given`);if((typeof t=="string"||typeof t=="boolean")&&(t={separator:t}),arguments.length===2&&!(typeof t>"u"||typeof t=="object"&&t!==null&&!Array.isArray(t)))throw new TypeError(`The second argument must be an options object or a string/boolean separator, but ${typeof t} given`);if(t=t||{},t.separator==="\\")throw new Error("\\ is not a valid separator because it is used for escaping. Try setting the separator to `true` instead");let r=Pe(e,t.separator),o=new RegExp(`^${r}$`,t.flags),i=Ht.bind(null,o);return i.options=t,i.pattern=e,i.regexp=o,i}var pe=Object.create(null),ne=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?pe:globalThis),Le=new Proxy(pe,{get(e,t){return ne()[t]??pe[t]},has(e,t){let r=ne();return t in r||t in pe},set(e,t,r){let o=ne(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=ne(!0);return delete r[t],!0},ownKeys(){let e=ne(!0);return Object.keys(e)}});function Gt(e){return e?e!=="false":!1}var Re=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var me=Re==="dev"||Re==="development",Ie=Re==="test"||Gt(Le.TEST);var Q=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};function De(e){try{return new URL(e).origin}catch{return null}}function Ce(e){return e.includes("://")?new URL(e).host:e}var je=oe(async e=>{let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,c=r?.currentURL,a=t?.errorCallbackURL,d=t?.newUserCallbackURL,u=o.trustedOrigins,h=e.headers?.has("cookie"),p=(y,E)=>y.startsWith("/")?!1:E.includes("*")?ue(E)(Ce(y)):y.startsWith(E),l=(y,E)=>{if(!y)return;if(!u.some(B=>p(y,B)||y?.startsWith("/")&&E!=="origin"&&!y.includes(":")))throw e.context.logger.error(`Invalid ${E}: ${y}`),e.context.logger.info(`If it's a valid URL, please add ${y} to trustedOrigins in your auth config
2
2
  `,`Current list of trustedOrigins: ${u}`),new Wt("FORBIDDEN",{message:`Invalid ${E}`})};h&&!e.context.options.advanced?.disableCSRFCheck&&l(i,"origin"),n&&l(n,"callbackURL"),s&&l(s,"redirectURL"),c&&l(c,"currentURL"),a&&l(a,"errorCallbackURL"),d&&l(s,"newUserCallbackURL")});import{APIError as P}from"better-call";import{z as v}from"zod";var Z=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{base64Url as Qt}from"@better-auth/utils/base64";import{createHMAC as Zt}from"@better-auth/utils/hmac";async function ke(e,t){if(e.context.options.session?.cookieCache?.enabled){let o=Qt.encode(JSON.stringify({session:t,expiresAt:Z(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await Zt("SHA-256","base64urlnopad").sign(e.context.secret,JSON.stringify(t))}),{padding:!1});if(o.length>4093)throw new Q("Session data is too large to store in the cookie. Please disable session cookie caching or reduce the size of the session data");e.setCookie(e.context.authCookies.sessionData.name,o,e.context.authCookies.sessionData.options)}}async function L(e,t,r,o){let i=e.context.authCookies.sessionToken.options,n=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.token,e.context.secret,{...i,maxAge:n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),await ke(e,t),e.context.setNewSession(t),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.token,JSON.stringify({user:t.user,session:t.session}),Math.floor((new Date(t.session.expiresAt).getTime()-Date.now())/1e3))}function V(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}var Jt=Object.defineProperty,Kt=Object.defineProperties,Yt=Object.getOwnPropertyDescriptors,Ne=Object.getOwnPropertySymbols,Xt=Object.prototype.hasOwnProperty,er=Object.prototype.propertyIsEnumerable,$e=(e,t,r)=>t in e?Jt(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,K=(e,t)=>{for(var r in t||(t={}))Xt.call(t,r)&&$e(e,r,t[r]);if(Ne)for(var r of Ne(t))er.call(t,r)&&$e(e,r,t[r]);return e},Y=(e,t)=>Kt(e,Yt(t)),tr=class extends Error{constructor(e,t,r){super(t||e.toString(),{cause:r}),this.status=e,this.statusText=t,this.error=r}},rr=async(e,t)=>{var r,o,i,n,s,c;let a=t||{},d={onRequest:[t?.onRequest],onResponse:[t?.onResponse],onSuccess:[t?.onSuccess],onError:[t?.onError],onRetry:[t?.onRetry]};if(!t||!t?.plugins)return{url:e,options:a,hooks:d};for(let u of t?.plugins||[]){if(u.init){let h=await((r=u.init)==null?void 0:r.call(u,e.toString(),t));a=h.options||a,e=h.url}d.onRequest.push((o=u.hooks)==null?void 0:o.onRequest),d.onResponse.push((i=u.hooks)==null?void 0:i.onResponse),d.onSuccess.push((n=u.hooks)==null?void 0:n.onSuccess),d.onError.push((s=u.hooks)==null?void 0:s.onError),d.onRetry.push((c=u.hooks)==null?void 0:c.onRetry)}return{url:e,options:a,hooks:d}},Be=class{constructor(e){this.options=e}shouldAttemptRetry(e,t){return this.options.shouldRetry?Promise.resolve(e<this.options.attempts&&this.options.shouldRetry(t)):Promise.resolve(e<this.options.attempts)}getDelay(){return this.options.delay}},or=class{constructor(e){this.options=e}shouldAttemptRetry(e,t){return this.options.shouldRetry?Promise.resolve(e<this.options.attempts&&this.options.shouldRetry(t)):Promise.resolve(e<this.options.attempts)}getDelay(e){return Math.min(this.options.maxDelay,this.options.baseDelay*2**e)}};function nr(e){if(typeof e=="number")return new Be({type:"linear",attempts:e,delay:1e3});switch(e.type){case"linear":return new Be(e);case"exponential":return new or(e);default:throw new Error("Invalid retry strategy")}}var ir=e=>{let t={},r=o=>typeof o=="function"?o():o;if(e?.auth){if(e.auth.type==="Bearer"){let o=r(e.auth.token);if(!o)return t;t.authorization=`Bearer ${o}`}else if(e.auth.type==="Basic"){let o=r(e.auth.username),i=r(e.auth.password);if(!o||!i)return t;t.authorization=`Basic ${btoa(`${o}:${i}`)}`}else if(e.auth.type==="Custom"){let o=r(e.auth.value);if(!o)return t;t.authorization=`${r(e.auth.prefix)} ${o}`}}return t},qe=["get","post","put","patch","delete"];var sr=/^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;function ar(e){let t=e.headers.get("content-type"),r=new Set(["image/svg","application/xml","application/xhtml","application/html"]);if(!t)return"json";let o=t.split(";").shift()||"";return sr.test(o)?"json":r.has(o)||o.startsWith("text/")?"text":"blob"}function cr(e){try{return JSON.parse(e),!0}catch{return!1}}function ze(e){if(e===void 0)return!1;let t=typeof e;return t==="string"||t==="number"||t==="boolean"||t===null?!0:t!=="object"?!1:Array.isArray(e)?!0:e.buffer?!1:e.constructor&&e.constructor.name==="Object"||typeof e.toJSON=="function"}function Ve(e){try{return JSON.parse(e)}catch{return e}}function Me(e){return typeof e=="function"}function dr(e){if(e?.customFetchImpl)return e.customFetchImpl;if(typeof globalThis<"u"&&Me(globalThis.fetch))return globalThis.fetch;if(typeof window<"u"&&Me(window.fetch))return window.fetch;throw new Error("No fetch implementation found")}function lr(e){let t=new Headers(e?.headers),r=ir(e);for(let[o,i]of Object.entries(r||{}))t.set(o,i);if(!t.has("content-type")){let o=ur(e?.body);o&&t.set("content-type",o)}return t}function ur(e){return ze(e)?"application/json":null}function pr(e){if(!e?.body)return null;let t=new Headers(e?.headers);return ze(e.body)&&!t.has("content-type")?JSON.stringify(e.body):e.body}function mr(e,t){var r;if(t?.method)return t.method.toUpperCase();if(e.startsWith("@")){let o=(r=e.split("@")[1])==null?void 0:r.split("/")[0];return qe.includes(o)?o.toUpperCase():t?.body?"POST":"GET"}return t?.body?"POST":"GET"}function fr(e,t){let r;return!e?.signal&&e?.timeout&&(r=setTimeout(()=>t?.abort(),e?.timeout)),{abortTimeout:r,clearTimeout:()=>{r&&clearTimeout(r)}}}function gr(e,t){let{baseURL:r,params:o,query:i}=t||{query:{},params:{},baseURL:""},n=e.startsWith("http")?e.split("/").slice(0,3).join("/"):r;if(!n)throw new TypeError(`Invalid URL ${e}. Are you passing in a relative URL but not setting the baseURL?`);if(e.startsWith("@")){let h=e.toString().split("@")[1].split("/")[0];qe.includes(h)&&(e=e.replace(`@${h}/`,"/"))}n.endsWith("/")||(n+="/");let[s,c]=e.replace(n,"").split("?"),a=new URLSearchParams(c);for(let[h,p]of Object.entries(i||{}))a.set(h,String(p));if(o)if(Array.isArray(o)){let h=s.split("/").filter(p=>p.startsWith(":"));for(let[p,l]of h.entries()){let y=o[p];s=s.replace(l,y)}}else for(let[h,p]of Object.entries(o))s=s.replace(`:${h}`,String(p));s=s.split("/").map(encodeURIComponent).join("/"),s.startsWith("/")&&(s=s.slice(1));let d=a.size>0?`?${a}`.replace(/\+/g,"%20"):"";return new URL(`${s}${d}`,n)}var R=async(e,t)=>{var r,o,i,n,s,c,a,d;let{hooks:u,url:h,options:p}=await rr(e,t),l=dr(p),y=new AbortController,E=(r=p.signal)!=null?r:y.signal,O=gr(h,p),B=pr(p),I=lr(p),m=mr(h,p),f=Y(K({},p),{url:O,headers:I,body:B,method:m,signal:E});for(let C of u.onRequest)if(C){let x=await C(f);x instanceof Object&&(f=x)}("pipeTo"in f&&typeof f.pipeTo=="function"||typeof((o=t?.body)==null?void 0:o.pipe)=="function")&&("duplex"in f||(f.duplex="half"));let{clearTimeout:S}=fr(p,y),w=await l(f.url,f);S();let le={response:w,request:f};for(let C of u.onResponse)if(C){let x=await C(Y(K({},le),{response:(i=t?.hookOptions)!=null&&i.cloneResponse?w.clone():w}));x instanceof Response?w=x:x instanceof Object&&(w=x.response)}if(w.ok){if(!(f.method!=="HEAD"))return{data:"",error:null};let x=ar(w),z={data:"",response:w,request:f};if(x==="json"||x==="text"){let F=await w.text(),Mt=await((n=f.jsonParser)!=null?n:Ve)(F);z.data=Mt}else z.data=await w[x]();f?.output&&f.output&&!f.disableValidation&&(z.data=f.output.parse(z.data));for(let F of u.onSuccess)F&&await F(Y(K({},z),{response:(s=t?.hookOptions)!=null&&s.cloneResponse?w.clone():w}));return t?.throw?z.data:{data:z.data,error:null}}let Bt=(c=t?.jsonParser)!=null?c:Ve,Se=await w.text(),be=cr(Se)?await Bt(Se):{},Vt={response:w,request:f,error:Y(K({},be),{status:w.status,statusText:w.statusText})};for(let C of u.onError)C&&await C(Y(K({},Vt),{response:(a=t?.hookOptions)!=null&&a.cloneResponse?w.clone():w}));if(t?.retry){let C=nr(t.retry),x=(d=t.retryAttempt)!=null?d:0;if(await C.shouldAttemptRetry(x,w)){for(let F of u.onRetry)F&&await F(le);let z=C.getDelay(x);return await new Promise(F=>setTimeout(F,z)),await R(e,Y(K({},t),{retryAttempt:x+1}))}}if(t?.throw)throw new tr(w.status,w.statusText,be);return{data:null,error:Y(K({},be),{status:w.status,statusText:w.statusText})}};import{APIError as Rr}from"better-call";import{decodeJwt as kr,decodeProtectedHeader as Er,importJWK as Ur,jwtVerify as _r}from"jose";import{createHash as hr}from"@better-auth/utils/hash";import{base64Url as wr}from"@better-auth/utils/base64";async function Fe(e){let t=await hr("SHA-256").digest(e);return wr.encode(new Uint8Array(t),{padding:!1})}function fe(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?Z(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function U({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:s,redirectURI:c,duration:a}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||c),i){let u=await Fe(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",u)}if(s){let u=s.reduce((h,p)=>(h[p]=null,h),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...u}}))}return a&&d.searchParams.set("duration",a),d}import{jwtVerify as Jo}from"jose";async function k({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i,authentication:n}){let s=new URLSearchParams,c={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",r),n==="basic"){let h=btoa(`${o.clientId}:${o.clientSecret}`);c.authorization=`Basic ${h}`}else s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:a,error:d}=await R(i,{method:"POST",body:s,headers:c});if(d)throw d;return fe(a)}import{z as H}from"zod";import{APIError as Ge}from"better-call";import{createHash as wn}from"@better-auth/utils/hash";import{xchacha20poly1305 as bn}from"@noble/ciphers/chacha";import{bytesToHex as Rn,hexToBytes as kn,utf8ToBytes as En}from"@noble/ciphers/utils";import{managedNonce as _n}from"@noble/ciphers/webcrypto";import{createHash as tn}from"@better-auth/utils/hash";import{SignJWT as br}from"jose";async function He(e,t,r=3600){return await new br(e).setProtectedHeader({alg:"HS256"}).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+r).sign(new TextEncoder().encode(t))}import{scryptAsync as cn}from"@noble/hashes/scrypt";import{getRandomValues as ln}from"uncrypto";import{hex as pn}from"@better-auth/utils/hex";import{createRandomStringGenerator as Ar}from"@better-auth/utils/random";var ie=Ar("a-z","0-9","A-Z","-_");async function ge(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?De(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Ge("BAD_REQUEST",{message:"callbackURL is required"});let o=ie(128),i=ie(32),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,newUserURL:e.body?.newUserCallbackURL,link:t,expiresAt:Date.now()+10*60*1e3}),s=new Date;s.setMinutes(s.getMinutes()+10);let c=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:s});if(!c)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Ge("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:c.identifier,codeVerifier:o}}async function We(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=H.object({callbackURL:H.string(),codeVerifier:H.string(),errorURL:H.string().optional(),newUserURL:H.string().optional(),expiresAt:H.number(),link:H.object({email:H.string(),userId:H.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var Qe=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${e.redirectURI||i}&scope=${n.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>k({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let i=Er(r),{kid:n,alg:s}=i;if(!n||!s)return!1;let c=await Tr(n),{payload:a}=await _r(r,c,{algorithms:[s],issuer:"https://appleid.apple.com",audience:e.appBundleIdentifier||e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(d=>{a[d]!==void 0&&(a[d]=!!a[d])}),o&&a.nonce!==o?!1:!!a},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let o=kr(r.idToken);if(!o)return null;let i=o.user?`${o.user.name.firstName} ${o.user.name.lastName}`:o.email,n=await e.mapProfileToUser?.(o);return{user:{id:o.sub,name:i,emailVerified:!1,email:o.email,...n},data:o}}}},Tr=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:o}=await R(`${t}${r}`);if(!o?.keys)throw new Rr("BAD_REQUEST",{message:"Keys not found"});let i=o.keys.find(n=>n.kid===e);if(!i)throw new Error(`JWK with kid ${e} not found`);return await Ur(i,i.alg)};var Ze=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}&prompt=${e.prompt||"none"}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url,...i},data:r}}});var Je=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await U({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});if(o)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified,...i},data:r}}});var Ke=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),U({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>k({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:o,error:i}=await R("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1,{data:s}=await R("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});s&&(o.email=(s.find(a=>a.primary)??s[0])?.email,n=s.find(a=>a.email===o.email)?.verified??!1);let c=await e.mapProfileToUser?.(o);return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n,...c},data:o}}}};var Ee=["info","success","warn","error","debug"];function vr(e,t){return Ee.indexOf(t)<=Ee.indexOf(e)}var M={reset:"\x1B[0m",bright:"\x1B[1m",dim:"\x1B[2m",underscore:"\x1B[4m",blink:"\x1B[5m",reverse:"\x1B[7m",hidden:"\x1B[8m",fg:{black:"\x1B[30m",red:"\x1B[31m",green:"\x1B[32m",yellow:"\x1B[33m",blue:"\x1B[34m",magenta:"\x1B[35m",cyan:"\x1B[36m",white:"\x1B[37m"},bg:{black:"\x1B[40m",red:"\x1B[41m",green:"\x1B[42m",yellow:"\x1B[43m",blue:"\x1B[44m",magenta:"\x1B[45m",cyan:"\x1B[46m",white:"\x1B[47m"}},Sr={info:M.fg.blue,success:M.fg.green,warn:M.fg.yellow,error:M.fg.red,debug:M.fg.magenta},Or=(e,t)=>{let r=new Date().toISOString();return`${M.dim}${r}${M.reset} ${Sr[e]}${e.toUpperCase()}${M.reset} ${M.bright}[Better Auth]:${M.reset} ${t}`},xr=e=>{let t=e?.disabled!==!0,r=e?.level??"error",o=(i,n,s=[])=>{if(!t||!vr(r,i))return;let c=Or(i,n);if(!e||typeof e.log!="function"){i==="error"?console.error(c,...s):i==="warn"?console.warn(c,...s):console.log(c,...s);return}e.log(i==="success"?"info":i,c,...s)};return Object.fromEntries(Ee.map(i=>[i,(...[n,...s])=>o(i,n,s)]))},j=xr();import{decodeJwt as Pr}from"jose";var Ye=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw j.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new Q("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new Q("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let s=await U({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&s.searchParams.set("access_type",e.accessType),e.prompt&&s.searchParams.set("prompt",e.prompt),s},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:i}=await R(o);return i?i.aud===e.clientId&&i.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=Pr(t.idToken),o=await e.mapProfileToUser?.(r);return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified,...o},data:r}}});import{decodeJwt as Lr}from"jose";var Xe=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return e.scope&&n.push(...e.scope),U({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:s}){return k({code:i,codeVerifier:n,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(i){if(e.getUserInfo)return e.getUserInfo(i);if(!i.idToken)return null;let n=Lr(i.idToken),s=e.profilePhotoSize||48;await R(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(a){if(!(e.disableProfilePhoto||!a.response.ok))try{let u=await a.response.clone().arrayBuffer(),h=Buffer.from(u).toString("base64");n.picture=`data:image/jpeg;base64, ${h}`}catch(d){j.error(d&&typeof d=="object"&&"name"in d?d.name:"",d)}}});let c=await e.mapProfileToUser?.(n);return{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0,...c},data:n}}}};var et=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),U({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});if(o)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1,...i},data:r}}});var te={isAction:!1};import{createRandomStringGenerator as Ir}from"@better-auth/utils/random";var tt=e=>Ir("a-z","A-Z","0-9")(e||32);import{decodeJwt as Dr}from"jose";var rt=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),U({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return j.error("No idToken found in token"),null;let o=Dr(r),i=await e.mapProfileToUser?.(o);return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1,...i},data:o}}});var ot=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),U({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});if(o)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.data.id,name:r.data.name,email:r.data.username||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1,...i},data:r}}});var nt=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await U({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await k({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:o,error:i}=await R("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=await e.mapProfileToUser?.(o);return{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url,...n},data:o}}}};var it=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let s=i||["profile","email","openid"];return e.scope&&s.push(...e.scope),await U({id:"linkedin",options:e,authorizationEndpoint:t,scopes:s,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await k({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await R("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});if(n)return null;let s=await e.mapProfileToUser?.(i);return{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture,...s},data:i}}}};var Ue=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Cr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Ue(`${t}/oauth/authorize`),tokenEndpoint:Ue(`${t}/oauth/token`),userinfoEndpoint:Ue(`${t}/api/v4/user`)}},st=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=Cr(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:s,scopes:c,codeVerifier:a,redirectURI:d})=>{let u=c||["read_user"];return e.scope&&u.push(...e.scope),await U({id:i,options:e,authorizationEndpoint:t,scopes:u,state:s,redirectURI:d,codeVerifier:a})},validateAuthorizationCode:async({code:s,redirectURI:c,codeVerifier:a})=>k({code:s,redirectURI:e.redirectURI||c,options:e,codeVerifier:a,tokenEndpoint:r}),async getUserInfo(s){if(e.getUserInfo)return e.getUserInfo(s);let{data:c,error:a}=await R(o,{headers:{authorization:`Bearer ${s.accessToken}`}});if(a||c.state!=="active"||c.locked)return null;let d=await e.mapProfileToUser?.(c);return{user:{id:c.id.toString(),name:c.name??c.username,email:c.email,image:c.avatar_url,emailVerified:!0,...d},data:c}}}};var at=e=>({id:"reddit",name:"Reddit",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identity"];return e.scope&&i.push(...e.scope),U({id:"reddit",options:e,authorizationEndpoint:"https://www.reddit.com/api/v1/authorize",scopes:i,state:t,redirectURI:o,duration:e.duration})},validateAuthorizationCode:async({code:t,redirectURI:r})=>{let o=new URLSearchParams({grant_type:"authorization_code",code:t,redirect_uri:e.redirectURI||r}),i={"content-type":"application/x-www-form-urlencoded",accept:"text/plain","user-agent":"better-auth",Authorization:`Basic ${Buffer.from(`${e.clientId}:${e.clientSecret}`).toString("base64")}`},{data:n,error:s}=await R("https://www.reddit.com/api/v1/access_token",{method:"POST",headers:i,body:o.toString()});if(s)throw s;return fe(n)},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:o}=await R("https://oauth.reddit.com/api/v1/me",{headers:{Authorization:`Bearer ${t.accessToken}`,"User-Agent":"better-auth"}});if(o)return null;let i=await e.mapProfileToUser?.(r);return{user:{id:r.id,name:r.name,email:r.oauth_client_id,emailVerified:r.has_verified_email,image:r.icon_img?.split("?")[0],...i},data:r}}});import{z as jr}from"zod";var Nr={apple:Qe,discord:Ze,facebook:Je,github:Ke,microsoft:Xe,google:Ye,spotify:et,twitch:rt,twitter:ot,dropbox:nt,linkedin:it,gitlab:st,reddit:at},_e=Object.keys(Nr),ct=jr.enum(_e,{description:"OAuth2 provider to use"});import{z as $}from"zod";import{APIError as se}from"better-call";import{APIError as G}from"better-call";import{z as X}from"zod";function dt(e){try{return JSON.parse(e)}catch{return null}}var g={USER_NOT_FOUND:"User not found",FAILED_TO_CREATE_USER:"Failed to create user",FAILED_TO_CREATE_SESSION:"Failed to create session",FAILED_TO_UPDATE_USER:"Failed to update user",FAILED_TO_GET_SESSION:"Failed to get session",INVALID_PASSWORD:"Invalid password",INVALID_EMAIL:"Invalid email",INVALID_EMAIL_OR_PASSWORD:"Invalid email or password",SOCIAL_ACCOUNT_ALREADY_LINKED:"Social account already linked",PROVIDER_NOT_FOUND:"Provider not found",INVALID_TOKEN:"invalid token",ID_TOKEN_NOT_SUPPORTED:"id_token not supported",FAILED_TO_GET_USER_INFO:"Failed to get user info",USER_EMAIL_NOT_FOUND:"User email not found",EMAIL_NOT_VERIFIED:"Email not verified",PASSWORD_TOO_SHORT:"Password too short",PASSWORD_TOO_LONG:"Password too long",USER_ALREADY_EXISTS:"User already exists",EMAIL_CAN_NOT_BE_UPDATED:"Email can not be updated",CREDENTIAL_ACCOUNT_NOT_FOUND:"Credential account not found",SESSION_EXPIRED:"Session expired. Re-authenticate to perform this action."};import{createHMAC as $r}from"@better-auth/utils/hmac";import{base64 as Br}from"@better-auth/utils/base64";import{binary as Vr}from"@better-auth/utils/binary";var Te=()=>A("/get-session",{method:"GET",query:X.optional(X.object({disableCookieCache:X.boolean({description:"Disable cookie cache and fetch session from database"}).or(X.string().transform(e=>e==="true")).optional(),disableRefresh:X.boolean({description:"Disable session refresh. Useful for checking session status, without updating the session"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?dt(Vr.decode(Br.decode(r))):null;if(o&&!await $r("SHA-256","base64urlnopad").verify(e.context.secret,JSON.stringify(o.session),o.signature))return V(e),e.json(null);let i=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let u=o.session;if(o.expiresAt<Date.now()||u.session.expiresAt<new Date){let p=e.context.authCookies.sessionData.name;e.setCookie(p,"",{maxAge:0})}else return e.json(u)}let n=await e.context.internalAdapter.findSession(t);if(e.context.session=n,!n||n.session.expiresAt<new Date)return V(e),n&&await e.context.internalAdapter.deleteSession(n.session.token),e.json(null);if(i||e.query?.disableRefresh)return e.json(n);let s=e.context.sessionConfig.expiresIn,c=e.context.sessionConfig.updateAge;if(n.session.expiresAt.valueOf()-s*1e3+c*1e3<=Date.now()){let u=await e.context.internalAdapter.updateSession(n.session.token,{expiresAt:Z(e.context.sessionConfig.expiresIn,"sec")});if(!u)return V(e),e.json(null,{status:401});let h=(u.expiresAt.valueOf()-Date.now())/1e3;return await L(e,{session:u,user:n.user},!1,{maxAge:h}),e.json({session:u,user:n.user})}return await ke(e,n),e.json(n)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new G("INTERNAL_SERVER_ERROR",{message:g.FAILED_TO_GET_SESSION})}}),ee=async(e,t)=>{if(e.context.session)return e.context.session;let r=await Te()({...e,_flag:"json",headers:e.headers,query:t}).catch(o=>null);return e.context.session=r,r},D=oe(async e=>{let t=await ee(e);if(!t?.session)throw new G("UNAUTHORIZED");return{session:t}}),Cs=oe(async e=>{let t=await ee(e);if(!t?.session)throw new G("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,o=t.session.updatedAt?.valueOf()||t.session.createdAt.valueOf();if(!(Date.now()-o<r*1e3))throw new G("FORBIDDEN",{message:"Session is not fresh"});return{session:t}}),lt=()=>A("/list-sessions",{method:"GET",use:[D],requireHeaders:!0,metadata:{openapi:{description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}}}}}}}}}},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),ut=A("/revoke-session",{method:"POST",body:X.object({token:X.string({description:"The token to revoke"})}),use:[D],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new G("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new G("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o&&typeof o=="object"&&"name"in o?o.name:"",o),new G("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),pt=A("/revoke-sessions",{method:"POST",use:[D],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new G("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),mt=A("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[D],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new G("UNAUTHORIZED");let i=(await e.context.internalAdapter.listSessions(t.user.id)).filter(n=>n.expiresAt>new Date).filter(n=>n.token!==e.context.session.session.token);return await Promise.all(i.map(n=>e.context.internalAdapter.deleteSession(n.token))),e.json({status:!0})});import{jwtVerify as Mr}from"jose";async function q(e,t,r){return await He({email:t.toLowerCase(),updateTo:r},e)}async function qr(e,t){if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new se("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await q(e.context.secret,t.email),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification.sendVerificationEmail({user:t,url:o,token:r},e.request)}var ft=A("/send-verification-email",{method:"POST",query:$.object({currentURL:$.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:$.object({email:$.string({description:"The email to send the verification email to"}).email(),callbackURL:$.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new se("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new se("BAD_REQUEST",{message:g.USER_NOT_FOUND});return await qr(e,r.user),e.json({status:!0})}),gt=A("/verify-email",{method:"GET",query:$.object({token:$.string({description:"The token to verify the email"}),callbackURL:$.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(c){throw e.query.callbackURL?e.query.callbackURL.includes("?")?e.redirect(`${e.query.callbackURL}&error=${c}`):e.redirect(`${e.query.callbackURL}?error=${c}`):new se("UNAUTHORIZED",{message:c})}let{token:r}=e.query,o;try{o=await Mr(r,new TextEncoder().encode(e.context.secret),{algorithms:["HS256"]})}catch(c){return e.context.logger.error("Failed to verify email",c),t("invalid_token")}let n=$.object({email:$.string().email(),updateTo:$.string().optional()}).parse(o.payload),s=await e.context.internalAdapter.findUserByEmail(n.email);if(!s)return t("user_not_found");if(n.updateTo){let c=await ee(e);if(!c){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(c.user.email!==n.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let a=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo,emailVerified:!1}),d=await q(e.context.secret,n.updateTo);if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:a,url:`${e.context.baseURL}/verify-email?token=${d}`,token:d},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification){let c=await ee(e);if(!c||c.user.email!==n.email){let a=await e.context.internalAdapter.createSession(s.user.id,e.request);if(!a)throw new se("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await L(e,{session:a,user:s.user})}}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({status:!0})});async function he(e,{userInfo:t,account:r,callbackURL:o}){let i=await e.context.internalAdapter.findOAuthUser(t.email.toLowerCase(),r.accountId,r.providerId).catch(a=>{throw j.error(`Better auth was unable to query your database.
3
3
  Error: `,a),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),n=i?.user,s=!n;if(i){let a=i.accounts.find(d=>d.providerId===r.providerId);if(a){let d=Object.fromEntries(Object.entries({accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt}).filter(([u,h])=>h!==void 0));Object.keys(d).length>0&&await e.context.internalAdapter.updateAccount(a.id,d)}else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return me&&j.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:i.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(h){return j.error("Unable to link account",h),{error:"unable to link account",data:null}}}}else try{if(n=await e.context.internalAdapter.createOAuthUser({...t,email:t.email.toLowerCase(),id:void 0},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(a=>a?.user),!t.emailVerified&&n&&e.context.options.emailVerification?.sendOnSignUp){let a=await q(e.context.secret,n.email),d=`${e.context.baseURL}/verify-email?token=${a}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:n,url:d,token:a},e.request)}}catch(a){return a instanceof ht?{error:a.message,data:null,isRegister:!1}:{error:"unable to create user",data:null,isRegister:!1}}if(!n)return{error:"unable to create user",data:null,isRegister:!1};let c=await e.context.internalAdapter.createSession(n.id,e.request);return c?{data:{session:c,user:n},error:null,isRegister:s}:{error:"unable to create session",data:null,isRegister:!1}}var wt=A("/sign-in/social",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({callbackURL:v.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),newUserCallbackURL:v.string().optional(),errorCallbackURL:v.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:ct,disableRedirect:v.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:v.optional(v.object({token:v.string({description:"ID token from the provider"}),nonce:v.string({description:"Nonce used to generate the token"}).optional(),accessToken:v.string({description:"Access token from the provider"}).optional(),refreshToken:v.string({description:"Refresh token from the provider"}).optional(),expiresAt:v.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new P("NOT_FOUND",{message:g.PROVIDER_NOT_FOUND});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new P("NOT_FOUND",{message:g.ID_TOKEN_NOT_SUPPORTED});let{token:n,nonce:s}=e.body.idToken;if(!await t.verifyIdToken(n,s))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new P("UNAUTHORIZED",{message:g.INVALID_TOKEN});let a=await t.getUserInfo({idToken:n,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!a||!a?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new P("UNAUTHORIZED",{message:g.FAILED_TO_GET_USER_INFO});if(!a.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new P("UNAUTHORIZED",{message:g.USER_EMAIL_NOT_FOUND});let d=await he(e,{userInfo:{email:a.user.email,id:a.user.id,name:a.user.name||"",image:a.user.image,emailVerified:a.user.emailVerified||!1},account:{providerId:t.id,accountId:a.user.id,accessToken:e.body.idToken.accessToken}});if(d.error)throw new P("UNAUTHORIZED",{message:d.error});return await L(e,d.data),e.json({token:d.data.session.token,url:void 0,redirect:!1})}let{codeVerifier:r,state:o}=await ge(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!e.body.disableRedirect})}),yt=A("/sign-in/email",{method:"POST",body:v.object({email:v.string({description:"Email of the user"}),password:v.string({description:"Password of the user"}),callbackURL:v.string({description:"Callback URL to use as a redirect for email verification"}).optional(),rememberMe:v.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new P("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!v.string().email().safeParse(t).success)throw new P("BAD_REQUEST",{message:g.INVALID_EMAIL});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new P("UNAUTHORIZED",{message:g.INVALID_EMAIL_OR_PASSWORD});let n=i.accounts.find(d=>d.providerId==="credential");if(!n)throw e.context.logger.error("Credential account not found",{email:t}),new P("UNAUTHORIZED",{message:g.INVALID_EMAIL_OR_PASSWORD});let s=n?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new P("UNAUTHORIZED",{message:g.INVALID_EMAIL_OR_PASSWORD});if(!await e.context.password.verify({hash:s,password:r}))throw e.context.logger.error("Invalid password"),new P("UNAUTHORIZED",{message:g.INVALID_EMAIL_OR_PASSWORD});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new P("UNAUTHORIZED",{message:g.EMAIL_NOT_VERIFIED});let d=await q(e.context.secret,i.user.email),u=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:i.user,url:u,token:d},e.request),new P("FORBIDDEN",{message:g.EMAIL_NOT_VERIFIED})}let a=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.rememberMe===!1);if(!a)throw e.context.logger.error("Failed to create session"),new P("UNAUTHORIZED",{message:g.FAILED_TO_CREATE_SESSION});return await L(e,{session:a,user:i.user},e.body.rememberMe===!1),e.json({user:{id:i.user.id,email:i.user.email,name:i.user.name,image:i.user.image,emailVerified:i.user.emailVerified,createdAt:i.user.createdAt,updatedAt:i.user.updatedAt},token:a.token,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as ae}from"zod";var we=ae.object({code:ae.string().optional(),error:ae.string().optional(),error_description:ae.string().optional(),state:ae.string().optional()}),bt=A("/callback/:id",{method:["GET","POST"],body:we.optional(),query:we.optional(),metadata:te},async e=>{let t;try{if(e.method==="GET")t=we.parse(e.query);else if(e.method==="POST")t=we.parse(e.body);else throw new Error("Unsupported method")}catch(m){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",m),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:o,state:i,error_description:n}=t;if(!i)throw e.context.logger.error("State not found",o),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${o||"no_code"}&error_description=${n}`);let s=e.context.socialProviders.find(m=>m.id===e.params.id);if(!s)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:c,callbackURL:a,link:d,errorURL:u,newUserURL:h}=await We(e),p;try{p=await s.validateAuthorizationCode({code:r,codeVerifier:c,redirectURI:`${e.context.baseURL}/callback/${s.id}`})}catch(m){throw e.context.logger.error("",m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let l=await s.getUserInfo(p).then(m=>m?.user);function y(m){let f=u||a||`${e.context.baseURL}/error`;throw f.includes("?")?f=`${f}&error=${m}`:f=`${f}?error=${m}`,e.redirect(f)}if(!l)return e.context.logger.error("Unable to get user info"),y("unable_to_get_user_info");if(!l.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),y("email_not_found");if(!a)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(d){if(d.email!==l.email.toLowerCase())return y("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:d.userId,providerId:s.id,accountId:l.id}))return y("unable_to_link_account");let f;try{f=a.toString()}catch{f=a}throw e.redirect(f)}let E=await he(e,{userInfo:{...l,email:l.email,name:l.name||l.email},account:{providerId:s.id,accountId:l.id,...p,scope:p.scopes?.join(",")},callbackURL:a});if(E.error)return e.context.logger.error(E.error.split(" ").join("_")),y(E.error.split(" ").join("_"));let{session:O,user:B}=E.data;await L(e,{session:O,user:B});let I;try{I=(E.isRegister&&h||a).toString()}catch{I=E.isRegister&&h||a}throw e.redirect(I)});import"zod";import{APIError as zr}from"better-call";var At=A("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw V(e),new zr("BAD_REQUEST",{message:g.FAILED_TO_GET_SESSION});return await e.context.internalAdapter.deleteSession(t),V(e),e.json({success:!0})});import{z as N}from"zod";import{APIError as ce}from"better-call";function Rt(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function Fr(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var kt=A("/forget-password",{method:"POST",body:N.object({email:N.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:N.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ce("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=Z(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i,"sec"),s=tt(24);await e.context.internalAdapter.createVerificationValue({value:o.user.id.toString(),identifier:`reset-password:${s}`,expiresAt:n});let c=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:c,token:s},e.request),e.json({status:!0})}),Et=A("/reset-password/:token",{method:"GET",query:N.object({callbackURL:N.string({description:"The URL to redirect the user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Rt(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(Rt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Fr(e.context,r,{token:t}))}),Ut=A("/reset-password",{query:N.optional(N.object({token:N.string().optional(),currentURL:N.string().optional()})),method:"POST",body:N.object({newPassword:N.string({description:"The new password to set"}),token:N.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ce("BAD_REQUEST",{message:g.INVALID_TOKEN});let{newPassword:r}=e.body,o=e.context.password?.config.minPasswordLength,i=e.context.password?.config.maxPasswordLength;if(r.length<o)throw new ce("BAD_REQUEST",{message:g.PASSWORD_TOO_SHORT});if(r.length>i)throw new ce("BAD_REQUEST",{message:g.PASSWORD_TOO_LONG});let n=`reset-password:${t}`,s=await e.context.internalAdapter.findVerificationValue(n);if(!s||s.expiresAt<new Date)throw new ce("BAD_REQUEST",{message:g.INVALID_TOKEN});await e.context.internalAdapter.deleteVerificationValue(s.id);let c=s.value,a=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(c)).find(h=>h.providerId==="credential")?(await e.context.internalAdapter.updatePassword(c,a),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:c,providerId:"credential",password:a,accountId:c}),e.json({status:!0}))});import{z as _}from"zod";import{APIError as T}from"better-call";import{z as b}from"zod";import{APIError as Hr}from"better-call";var Oa=b.object({id:b.string(),providerId:b.string(),accountId:b.string(),userId:b.string(),accessToken:b.string().nullish(),refreshToken:b.string().nullish(),idToken:b.string().nullish(),accessTokenExpiresAt:b.date().nullish(),refreshTokenExpiresAt:b.date().nullish(),scope:b.string().nullish(),password:b.string().nullish(),createdAt:b.date().default(()=>new Date),updatedAt:b.date().default(()=>new Date)}),xa=b.object({id:b.string(),email:b.string().transform(e=>e.toLowerCase()),emailVerified:b.boolean().default(!1),name:b.string(),image:b.string().nullish(),createdAt:b.date().default(()=>new Date),updatedAt:b.date().default(()=>new Date)}),Pa=b.object({id:b.string(),userId:b.string(),expiresAt:b.date(),createdAt:b.date().default(()=>new Date),updatedAt:b.date().default(()=>new Date),token:b.string(),ipAddress:b.string().nullish(),userAgent:b.string().nullish()}),La=b.object({id:b.string(),value:b.string(),createdAt:b.date().default(()=>new Date),updatedAt:b.date().default(()=>new Date),expiresAt:b.date(),identifier:b.string()});function Gr(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function Wr(e,t){let r=t.action||"create",o=t.fields,i={};for(let n in o){if(n in e){if(o[n].input===!1){if(o[n].defaultValue){i[n]=o[n].defaultValue;continue}continue}if(o[n].validator?.input&&e[n]!==void 0){i[n]=o[n].validator.input.parse(e[n]);continue}if(o[n].transform?.input&&e[n]!==void 0){i[n]=o[n].transform?.input(e[n]);continue}i[n]=e[n];continue}if(o[n].defaultValue&&r==="create"){i[n]=o[n].defaultValue;continue}if(o[n].required&&r==="create")throw new Hr("BAD_REQUEST",{message:`${n} is required`})}return i}function ye(e,t,r){let o=Gr(e,"user");return Wr(t||{},{fields:o,action:r})}var _t=()=>A("/update-user",{method:"POST",body:_.record(_.string(),_.any()),use:[D],metadata:{openapi:{description:"Update the current user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"}}}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"}}}}}}}}}},async e=>{let t=e.body;if(t.email)throw new T("BAD_REQUEST",{message:g.EMAIL_CAN_NOT_BE_UPDATED});let{name:r,image:o,...i}=t,n=e.context.session;if(o===void 0&&r===void 0&&Object.keys(i).length===0)return e.json({status:!0});let s=ye(e.context.options,i,"update"),c=await e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o,...s});return await L(e,{session:n.session,user:c}),e.json({status:!0})}),Tt=A("/change-password",{method:"POST",body:_.object({newPassword:_.string({description:"The new password to set"}),currentPassword:_.string({description:"The current password"}),revokeOtherSessions:_.boolean({description:"Revoke all other sessions"}).optional()}),use:[D],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new T("BAD_REQUEST",{message:g.PASSWORD_TOO_SHORT});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new T("BAD_REQUEST",{message:g.PASSWORD_TOO_LONG});let a=(await e.context.internalAdapter.findAccounts(i.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!a||!a.password)throw new T("BAD_REQUEST",{message:g.CREDENTIAL_ACCOUNT_NOT_FOUND});let d=await e.context.password.hash(t);if(!await e.context.password.verify({hash:a.password,password:r}))throw new T("BAD_REQUEST",{message:g.INVALID_PASSWORD});await e.context.internalAdapter.updateAccount(a.id,{password:d});let h=null;if(o){await e.context.internalAdapter.deleteSessions(i.user.id);let p=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!p)throw new T("INTERNAL_SERVER_ERROR",{message:g.FAILED_TO_GET_SESSION});await L(e,{session:p,user:i.user}),h=p.token}return e.json({token:h})}),vt=A("/set-password",{method:"POST",body:_.object({newPassword:_.string()}),metadata:{SERVER_ONLY:!0},use:[D]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new T("BAD_REQUEST",{message:g.PASSWORD_TOO_SHORT});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new T("BAD_REQUEST",{message:g.PASSWORD_TOO_LONG});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),c=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json({status:!0});throw new T("BAD_REQUEST",{message:"user already has a password"})}),St=A("/delete-user",{method:"POST",use:[D],body:_.object({callbackURL:_.string().optional(),password:_.string().optional(),token:_.string().optional()}),metadata:{openapi:{description:"Delete the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{if(!e.context.options.user?.deleteUser?.enabled)throw e.context.logger.error("Delete user is disabled. Enable it in the options",{session:e.context.session}),new T("NOT_FOUND");let t=e.context.session;if(e.body.password){let n=(await e.context.internalAdapter.findAccounts(t.user.id)).find(c=>c.providerId==="credential"&&c.password);if(!n||!n.password)throw new T("BAD_REQUEST",{message:g.CREDENTIAL_ACCOUNT_NOT_FOUND});if(!await e.context.password.verify({hash:n.password,password:e.body.password}))throw new T("BAD_REQUEST",{message:g.INVALID_PASSWORD})}else if(e.context.options.session?.freshAge){let i=t.session.createdAt.getTime(),n=e.context.options.session.freshAge;if(Date.now()-i>n)throw new T("BAD_REQUEST",{message:g.SESSION_EXPIRED})}if(e.body.token)return await ve({...e,query:{token:e.body.token}}),e.json({success:!0,message:"User deleted"});if(e.context.options.user.deleteUser?.sendDeleteAccountVerification){let i=ie(32,"0-9","a-z");await e.context.internalAdapter.createVerificationValue({value:t.user.id,identifier:`delete-account-${i}`,expiresAt:new Date(Date.now()+1e3*60*60*24)});let n=`${e.context.baseURL}/delete-user/callback?token=${i}&callbackURL=${e.body.callbackURL||"/"}`;return await e.context.options.user.deleteUser.sendDeleteAccountVerification({user:t.user,url:n,token:i},e.request),e.json({success:!0,message:"Verification email sent"})}let r=e.context.options.user.deleteUser?.beforeDelete;r&&await r(t.user,e.request),await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),await e.context.internalAdapter.deleteAccounts(t.user.id),V(e);let o=e.context.options.user.deleteUser?.afterDelete;return o&&await o(t.user,e.request),e.json({success:!0,message:"User deleted"})}),ve=A("/delete-user/callback",{method:"GET",query:_.object({token:_.string(),callbackURL:_.string().optional()})},async e=>{if(!e.context.options.user?.deleteUser?.enabled)throw e.context.logger.error("Delete user is disabled. Enable it in the options"),new T("NOT_FOUND");let t=await ee(e);if(!t)throw new T("NOT_FOUND",{message:g.FAILED_TO_GET_USER_INFO});let r=await e.context.internalAdapter.findVerificationValue(`delete-account-${e.query.token}`);if(!r||r.expiresAt<new Date)throw r&&await e.context.internalAdapter.deleteVerificationValue(r.id),new T("NOT_FOUND",{message:g.INVALID_TOKEN});if(r.value!==t.user.id)throw new T("NOT_FOUND",{message:g.INVALID_TOKEN});let o=e.context.options.user.deleteUser?.beforeDelete;o&&await o(t.user,e.request),await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),await e.context.internalAdapter.deleteAccounts(t.user.id),await e.context.internalAdapter.deleteVerificationValue(r.id),V(e);let i=e.context.options.user.deleteUser?.afterDelete;if(i&&await i(t.user,e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL||"/");return e.json({success:!0,message:"User deleted"})}),Ot=A("/change-email",{method:"POST",query:_.object({currentURL:_.string().optional()}).optional(),body:_.object({newEmail:_.string({description:"The new email to set"}).email(),callbackURL:_.string({description:"The URL to redirect to after email verification"}).optional()}),use:[D],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new T("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new T("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new T("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new T("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await q(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({status:!0})});var Qr=(e="Unknown")=>`<!DOCTYPE html>
4
4
  <html lang="en">
package/dist/client/plugins.cjs CHANGED
@@ -1 +1 @@
1
- "use strict";var v=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var L=Object.getOwnPropertyNames;var F=Object.prototype.hasOwnProperty;var N=(e,t)=>{for(var n in t)v(e,n,{get:t[n],enumerable:!0})},z=(e,t,n,s)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of L(t))!F.call(e,r)&&r!==n&&v(e,r,{get:()=>t[r],enumerable:!(s=I(t,r))||s.enumerable});return e};var D=e=>z(v({},"__esModule",{value:!0}),e);var pe={};N(pe,{InferServerPlugin:()=>A,adminClient:()=>te,anonymousClient:()=>Z,customSessionClient:()=>le,emailOTPClient:()=>se,genericOAuthClient:()=>re,getPasskeyActions:()=>B,inferAdditionalFields:()=>ee,jwtClient:()=>ne,magicLinkClient:()=>Y,multiSessionClient:()=>oe,oidcClient:()=>ce,oneTapClient:()=>ie,organizationClient:()=>J,passkeyClient:()=>Q,phoneNumberClient:()=>X,ssoClient:()=>ue,twoFactorClient:()=>K,usernameClient:()=>V});module.exports=D(pe);var y=Symbol("clean");var u=[],p=0,P=4,M=0,c=e=>{let t=[],n={get(){return n.lc||n.listen(()=>{})(),n.value},lc:0,listen(s){return n.lc=t.push(s),()=>{for(let o=p+P;o<u.length;)u[o]===s?u.splice(o,P):o+=P;let r=t.indexOf(s);~r&&(t.splice(r,1),--n.lc||n.off())}},notify(s,r){M++;let o=!u.length;for(let a of t)u.push(a,n.value,s,r);if(o){for(p=0;p<u.length;p+=P)u[p](u[p+1],u[p+2],u[p+3]);u.length=0}},off(){},set(s){let r=n.value;r!==s&&(n.value=s,n.notify(r))},subscribe(s){let r=n.listen(s);return s(n.value),r},value:e};return process.env.NODE_ENV!=="production"&&(n[y]=()=>{t=[],n.lc=0,n.off()}),n};var j=5,d=6,O=10,$=(e,t,n,s)=>(e.events=e.events||{},e.events[n+O]||(e.events[n+O]=s(r=>{e.events[n].reduceRight((o,a)=>(a(o),o),{shared:{},...r})})),e.events[n]=e.events[n]||[],e.events[n].push(t),()=>{let r=e.events[n],o=r.indexOf(t);r.splice(o,1),r.length||(delete e.events[n],e.events[n+O](),delete e.events[n+O])});var x=1e3,T=(e,t)=>$(e,s=>{let r=t(s);r&&e.events[d].push(r)},j,s=>{let r=e.listen;e.listen=(...a)=>(!e.lc&&!e.active&&(e.active=!0,s()),r(...a));let o=e.off;if(e.events[d]=[],e.off=()=>{o(),setTimeout(()=>{if(e.active&&!e.lc){e.active=!1;for(let a of e.events[d])a();e.events[d]=[]}},x)},process.env.NODE_ENV!=="production"){let a=e[y];e[y]=()=>{for(let i of e.events[d])i();e.events[d]=[],e.active=!1,a()}}return()=>{e.listen=r,e.off=o}});function w(e){let t=e;return{newRole(n){return q(n)}}}function q(e){return{statements:e,authorize(t,n){for(let[s,r]of Object.entries(t)){let o=e[s];return o?(n==="OR"?r.some(i=>o.includes(i)):r.every(i=>o.includes(i)))?{success:!0}:{success:!1,error:`Unauthorized to access resource "${s}"`}:{success:!1,error:`You are not allowed to access resource: ${s}`}}return{success:!1,error:"Not authorized"}}}}var G={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},b=w(G),E=b.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),_=b.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),C=b.newRole({organization:[],member:[],invitation:[]});var S=Object.create(null),g=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?S:globalThis),k=new Proxy(S,{get(e,t){return g()[t]??S[t]},has(e,t){let n=g();return t in n||t in S},set(e,t,n){let s=g(!0);return s[t]=n,!0},deleteProperty(e,t){if(!t)return!1;let n=g(!0);return delete n[t],!0},ownKeys(){let e=g(!0);return Object.keys(e)}});function W(e){return e?e!=="false":!1}var H=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var Ue=H==="test"||W(k.TEST);var f=(e,t,n,s)=>{let r=c({data:null,error:null,isPending:!0,isRefetching:!1}),o=()=>{let i=typeof s=="function"?s({data:r.get().data,error:r.get().error,isPending:r.get().isPending}):s;return n(t,{...i,async onSuccess(l){typeof window<"u"&&r.set({data:l.data,error:null,isPending:!1,isRefetching:!1}),await i?.onSuccess?.(l)},async onError(l){r.set({error:l.error,data:null,isPending:!1,isRefetching:!1}),await i?.onError?.(l)},async onRequest(l){let h=r.get();r.set({isPending:h.data===null,data:h.data,error:null,isRefetching:!0}),await i?.onRequest?.(l)}})};e=Array.isArray(e)?e:[e];let a=!1;for(let i of e)i.subscribe(()=>{a?o():T(r,()=>(o(),a=!0,()=>{r.off(),i.off()}))});return r};var Ve={true:!0,false:!1,null:null,undefined:void 0,nan:Number.NaN,infinity:Number.POSITIVE_INFINITY,"-infinity":Number.NEGATIVE_INFINITY};var J=e=>{let t=c(!1),n=c(!1),s=c(!1),r={admin:E,member:C,owner:_,...e?.roles};return{id:"organization",$InferServerPlugin:{},getActions:o=>({$Infer:{ActiveOrganization:{},Organization:{},Invitation:{},Member:{}},organization:{checkRolePermission:a=>{let i=r[a.role];return i?(i?.authorize(a.permission)).success:!1}}}),getAtoms:o=>{let a=f(t,"/organization/list",o,{method:"GET"}),i=f([n],"/organization/get-full-organization",o,()=>({method:"GET"})),l=f([s],"/organization/get-active-member",o,{method:"GET"});return{$listOrg:t,$activeOrgSignal:n,$activeMemberSignal:s,activeOrganization:i,listOrganizations:a,activeMember:l}},pathMethods:{"/organization/get-full-organization":"GET"},atomListeners:[{matcher(o){return o==="/organization/create"||o==="/organization/delete"},signal:"$listOrg"},{matcher(o){return o.startsWith("/organization")},signal:"$activeOrgSignal"},{matcher(o){return o.includes("/organization/update-member-role")},signal:"$activeMemberSignal"}]}};var V=()=>({id:"username",$InferServerPlugin:{}});var m=require("@simplewebauthn/browser");var B=(e,{$listPasskeys:t})=>({signIn:{passkey:async(r,o)=>{let a=await e("/passkey/generate-authenticate-options",{method:"POST",body:{email:r?.email}});if(!a.data)return a;try{let i=await(0,m.startAuthentication)({optionsJSON:a.data,useBrowserAutofill:r?.autoFill}),l=await e("/passkey/verify-authentication",{body:{response:i},...r?.fetchOptions,...o,method:"POST"});if(!l.data)return l}catch{return{data:null,error:{message:"auth cancelled",status:400,statusText:"BAD_REQUEST"}}}}},passkey:{addPasskey:async(r,o)=>{let a=await e("/passkey/generate-register-options",{method:"GET"});if(!a.data)return a;try{let i=await(0,m.startRegistration)({optionsJSON:a.data,useAutoRegister:r?.useAutoRegister}),l=await e("/passkey/verify-registration",{...r?.fetchOptions,...o,body:{response:i,name:r?.name},method:"POST"});if(!l.data)return l;t.set(Math.random())}catch(i){return i instanceof m.WebAuthnError?i.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:i.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:i.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:i instanceof Error?i.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}}},$Infer:{}}),Q=()=>{let e=c();return{id:"passkey",$InferServerPlugin:{},getActions:t=>B(t,{$listPasskeys:e}),getAtoms(t){return{listPasskeys:f(e,"/passkey/list-user-passkeys",t,{method:"GET"}),$listPasskeys:e}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(t){return t==="/passkey/verify-registration"||t==="/passkey/delete-passkey"||t==="/passkey/update-passkey"},signal:"_listPasskeys"}]}};var K=e=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:t=>t.startsWith("/two-factor/"),signal:"$sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST","/two-factor/generate-backup-codes":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{async onSuccess(t){t.data?.twoFactorRedirect&&e?.onTwoFactorRedirect&&await e.onTwoFactorRedirect()}}}]});var Y=()=>({id:"magic-link",$InferServerPlugin:{}});var X=()=>({id:"phoneNumber",$InferServerPlugin:{},atomListeners:[{matcher(e){return e==="/phone-number/update"||e==="/phone-number/verify"},signal:"$sessionSignal"}]});var Z=()=>({id:"anonymous",$InferServerPlugin:{},pathMethods:{"/sign-in/anonymous":"POST"}});var ee=e=>({id:"additional-fields-client",$InferServerPlugin:{}});var te=()=>({id:"better-auth-client",$InferServerPlugin:{},pathMethods:{"/admin/list-users":"GET","/admin/stop-impersonating":"POST"}});var re=()=>({id:"generic-oauth-client",$InferServerPlugin:{}});var ne=()=>({id:"better-auth-client",$InferServerPlugin:{}});var oe=()=>({id:"multi-session",$InferServerPlugin:{},atomListeners:[{matcher(e){return e==="/multi-session/set-active"},signal:"$sessionSignal"}]});var se=()=>({id:"email-otp",$InferServerPlugin:{}});var R=!1,ie=e=>({id:"one-tap",getActions:(t,n)=>({oneTap:async(s,r)=>{if(R){console.warn("A Google One Tap request is already in progress. Please wait.");return}R=!0;try{if(typeof window>"u"||!window.document){console.warn("Google One Tap is only available in browser environments");return}let{autoSelect:o,cancelOnTapOutside:a,context:i}=s??{},l=i??e.context??"signin";await ae(),await new Promise(h=>{window.google?.accounts.id.initialize({client_id:e.clientId,callback:async U=>{await t("/one-tap/callback",{method:"POST",body:{idToken:U.credential},...s?.fetchOptions,...r}),(!s?.fetchOptions&&!r||s?.callbackURL)&&(window.location.href=s?.callbackURL??"/"),h()},auto_select:o,cancel_on_tap_outside:a,context:l}),window.google?.accounts.id.prompt()})}catch(o){throw console.error("Error during Google One Tap flow:",o),o}finally{R=!1}}}),getAtoms(t){return{}}}),ae=()=>new Promise(e=>{if(window.googleScriptInitialized){e();return}let t=document.createElement("script");t.src="https://accounts.google.com/gsi/client",t.async=!0,t.defer=!0,t.onload=()=>{window.googleScriptInitialized=!0,e()},document.head.appendChild(t)});var le=()=>A();var A=()=>({id:"infer-server-plugin",$InferServerPlugin:{}});var ue=()=>({id:"sso-client",$InferServerPlugin:{}});var ce=()=>({id:"oidc-client",$InferServerPlugin:{}});0&&(module.exports={InferServerPlugin,adminClient,anonymousClient,customSessionClient,emailOTPClient,genericOAuthClient,getPasskeyActions,inferAdditionalFields,jwtClient,magicLinkClient,multiSessionClient,oidcClient,oneTapClient,organizationClient,passkeyClient,phoneNumberClient,ssoClient,twoFactorClient,usernameClient});
1
+ "use strict";var T=Object.defineProperty;var L=Object.getOwnPropertyDescriptor;var F=Object.getOwnPropertyNames;var N=Object.prototype.hasOwnProperty;var z=(e,t)=>{for(var r in t)T(e,r,{get:t[r],enumerable:!0})},D=(e,t,r,s)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of F(t))!N.call(e,n)&&n!==r&&T(e,n,{get:()=>t[n],enumerable:!(s=L(t,n))||s.enumerable});return e};var M=e=>D(T({},"__esModule",{value:!0}),e);var fe={};z(fe,{InferServerPlugin:()=>x,adminClient:()=>re,anonymousClient:()=>ee,customSessionClient:()=>ue,emailOTPClient:()=>ie,genericOAuthClient:()=>ne,getPasskeyActions:()=>U,inferAdditionalFields:()=>te,jwtClient:()=>oe,magicLinkClient:()=>X,multiSessionClient:()=>se,oidcClient:()=>pe,oneTapClient:()=>ae,organizationClient:()=>V,passkeyClient:()=>K,phoneNumberClient:()=>Z,ssoClient:()=>ce,twoFactorClient:()=>Y,usernameClient:()=>Q});module.exports=M(fe);var y=Symbol("clean");var u=[],p=0,O=4,j=0,c=e=>{let t=[],r={get(){return r.lc||r.listen(()=>{})(),r.value},lc:0,listen(s){return r.lc=t.push(s),()=>{for(let o=p+O;o<u.length;)u[o]===s?u.splice(o,O):o+=O;let n=t.indexOf(s);~n&&(t.splice(n,1),--r.lc||r.off())}},notify(s,n){j++;let o=!u.length;for(let a of t)u.push(a,r.value,s,n);if(o){for(p=0;p<u.length;p+=O)u[p](u[p+1],u[p+2],u[p+3]);u.length=0}},off(){},set(s){let n=r.value;n!==s&&(r.value=s,r.notify(n))},subscribe(s){let n=r.listen(s);return s(r.value),n},value:e};return process.env.NODE_ENV!=="production"&&(r[y]=()=>{t=[],r.lc=0,r.off()}),r};var $=5,d=6,S=10,q=(e,t,r,s)=>(e.events=e.events||{},e.events[r+S]||(e.events[r+S]=s(n=>{e.events[r].reduceRight((o,a)=>(a(o),o),{shared:{},...n})})),e.events[r]=e.events[r]||[],e.events[r].push(t),()=>{let n=e.events[r],o=n.indexOf(t);n.splice(o,1),n.length||(delete e.events[r],e.events[r+S](),delete e.events[r+S])});var w=1e3,b=(e,t)=>q(e,s=>{let n=t(s);n&&e.events[d].push(n)},$,s=>{let n=e.listen;e.listen=(...a)=>(!e.lc&&!e.active&&(e.active=!0,s()),n(...a));let o=e.off;if(e.events[d]=[],e.off=()=>{o(),setTimeout(()=>{if(e.active&&!e.lc){e.active=!1;for(let a of e.events[d])a();e.events[d]=[]}},w)},process.env.NODE_ENV!=="production"){let a=e[y];e[y]=()=>{for(let i of e.events[d])i();e.events[d]=[],e.active=!1,a()}}return()=>{e.listen=n,e.off=o}});function E(e){let t=e;return{newRole(r){return G(r)}}}function G(e){return{statements:e,authorize(t,r){for(let[s,n]of Object.entries(t)){let o=e[s];return o?(r==="OR"?n.some(i=>o.includes(i)):n.every(i=>o.includes(i)))?{success:!0}:{success:!1,error:`Unauthorized to access resource "${s}"`}:{success:!1,error:`You are not allowed to access resource: ${s}`}}return{success:!1,error:"Not authorized"}}}}var W={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},R=E(W),_=R.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),C=R.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),k=R.newRole({organization:[],member:[],invitation:[]});var v=Object.create(null),g=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?v:globalThis),B=new Proxy(v,{get(e,t){return g()[t]??v[t]},has(e,t){let r=g();return t in r||t in v},set(e,t,r){let s=g(!0);return s[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=g(!0);return delete r[t],!0},ownKeys(){let e=g(!0);return Object.keys(e)}});function H(e){return e?e!=="false":!1}var J=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var Ie=J==="test"||H(B.TEST);var h=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};var f=(e,t,r,s)=>{let n=c({data:null,error:null,isPending:!0,isRefetching:!1}),o=()=>{let i=typeof s=="function"?s({data:n.get().data,error:n.get().error,isPending:n.get().isPending}):s;return r(t,{...i,async onSuccess(l){typeof window<"u"&&n.set({data:l.data,error:null,isPending:!1,isRefetching:!1}),await i?.onSuccess?.(l)},async onError(l){n.set({error:l.error,data:null,isPending:!1,isRefetching:!1}),await i?.onError?.(l)},async onRequest(l){let P=n.get();n.set({isPending:P.data===null,data:P.data,error:null,isRefetching:!0}),await i?.onRequest?.(l)}})};e=Array.isArray(e)?e:[e];let a=!1;for(let i of e)i.subscribe(()=>{a?o():b(n,()=>(o(),a=!0,()=>{n.off(),i.off()}))});return n};var Ve={true:!0,false:!1,null:null,undefined:void 0,nan:Number.NaN,infinity:Number.POSITIVE_INFINITY,"-infinity":Number.NEGATIVE_INFINITY};var V=e=>{let t=c(!1),r=c(!1),s=c(!1),n={admin:_,member:k,owner:C,...e?.roles};return{id:"organization",$InferServerPlugin:{},getActions:o=>({$Infer:{ActiveOrganization:{},Organization:{},Invitation:{},Member:{}},organization:{checkRolePermission:a=>{if(Object.keys(a.permission).length>1)throw new h("you can only check one resource permission at a time.");let i=n[a.role];return i?(i?.authorize(a.permission)).success:!1}}}),getAtoms:o=>{let a=f(t,"/organization/list",o,{method:"GET"}),i=f([r],"/organization/get-full-organization",o,()=>({method:"GET"})),l=f([s],"/organization/get-active-member",o,{method:"GET"});return{$listOrg:t,$activeOrgSignal:r,$activeMemberSignal:s,activeOrganization:i,listOrganizations:a,activeMember:l}},pathMethods:{"/organization/get-full-organization":"GET"},atomListeners:[{matcher(o){return o==="/organization/create"||o==="/organization/delete"},signal:"$listOrg"},{matcher(o){return o.startsWith("/organization")},signal:"$activeOrgSignal"},{matcher(o){return o.includes("/organization/update-member-role")},signal:"$activeMemberSignal"}]}};var Q=()=>({id:"username",$InferServerPlugin:{}});var m=require("@simplewebauthn/browser");var U=(e,{$listPasskeys:t})=>({signIn:{passkey:async(n,o)=>{let a=await e("/passkey/generate-authenticate-options",{method:"POST",body:{email:n?.email}});if(!a.data)return a;try{let i=await(0,m.startAuthentication)({optionsJSON:a.data,useBrowserAutofill:n?.autoFill}),l=await e("/passkey/verify-authentication",{body:{response:i},...n?.fetchOptions,...o,method:"POST"});if(!l.data)return l}catch{return{data:null,error:{message:"auth cancelled",status:400,statusText:"BAD_REQUEST"}}}}},passkey:{addPasskey:async(n,o)=>{let a=await e("/passkey/generate-register-options",{method:"GET"});if(!a.data)return a;try{let i=await(0,m.startRegistration)({optionsJSON:a.data,useAutoRegister:n?.useAutoRegister}),l=await e("/passkey/verify-registration",{...n?.fetchOptions,...o,body:{response:i,name:n?.name},method:"POST"});if(!l.data)return l;t.set(Math.random())}catch(i){return i instanceof m.WebAuthnError?i.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:i.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:i.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:i instanceof Error?i.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}}},$Infer:{}}),K=()=>{let e=c();return{id:"passkey",$InferServerPlugin:{},getActions:t=>U(t,{$listPasskeys:e}),getAtoms(t){return{listPasskeys:f(e,"/passkey/list-user-passkeys",t,{method:"GET"}),$listPasskeys:e}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(t){return t==="/passkey/verify-registration"||t==="/passkey/delete-passkey"||t==="/passkey/update-passkey"},signal:"_listPasskeys"}]}};var Y=e=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:t=>t.startsWith("/two-factor/"),signal:"$sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST","/two-factor/generate-backup-codes":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{async onSuccess(t){t.data?.twoFactorRedirect&&e?.onTwoFactorRedirect&&await e.onTwoFactorRedirect()}}}]});var X=()=>({id:"magic-link",$InferServerPlugin:{}});var Z=()=>({id:"phoneNumber",$InferServerPlugin:{},atomListeners:[{matcher(e){return e==="/phone-number/update"||e==="/phone-number/verify"},signal:"$sessionSignal"}]});var ee=()=>({id:"anonymous",$InferServerPlugin:{},pathMethods:{"/sign-in/anonymous":"POST"}});var te=e=>({id:"additional-fields-client",$InferServerPlugin:{}});var re=()=>({id:"better-auth-client",$InferServerPlugin:{},pathMethods:{"/admin/list-users":"GET","/admin/stop-impersonating":"POST"}});var ne=()=>({id:"generic-oauth-client",$InferServerPlugin:{}});var oe=()=>({id:"better-auth-client",$InferServerPlugin:{}});var se=()=>({id:"multi-session",$InferServerPlugin:{},atomListeners:[{matcher(e){return e==="/multi-session/set-active"},signal:"$sessionSignal"}]});var ie=()=>({id:"email-otp",$InferServerPlugin:{}});var A=!1,ae=e=>({id:"one-tap",getActions:(t,r)=>({oneTap:async(s,n)=>{if(A){console.warn("A Google One Tap request is already in progress. Please wait.");return}A=!0;try{if(typeof window>"u"||!window.document){console.warn("Google One Tap is only available in browser environments");return}let{autoSelect:o,cancelOnTapOutside:a,context:i}=s??{},l=i??e.context??"signin";await le(),await new Promise(P=>{window.google?.accounts.id.initialize({client_id:e.clientId,callback:async I=>{await t("/one-tap/callback",{method:"POST",body:{idToken:I.credential},...s?.fetchOptions,...n}),(!s?.fetchOptions&&!n||s?.callbackURL)&&(window.location.href=s?.callbackURL??"/"),P()},auto_select:o,cancel_on_tap_outside:a,context:l}),window.google?.accounts.id.prompt()})}catch(o){throw console.error("Error during Google One Tap flow:",o),o}finally{A=!1}}}),getAtoms(t){return{}}}),le=()=>new Promise(e=>{if(window.googleScriptInitialized){e();return}let t=document.createElement("script");t.src="https://accounts.google.com/gsi/client",t.async=!0,t.defer=!0,t.onload=()=>{window.googleScriptInitialized=!0,e()},document.head.appendChild(t)});var ue=()=>x();var x=()=>({id:"infer-server-plugin",$InferServerPlugin:{}});var ce=()=>({id:"sso-client",$InferServerPlugin:{}});var pe=()=>({id:"oidc-client",$InferServerPlugin:{}});0&&(module.exports={InferServerPlugin,adminClient,anonymousClient,customSessionClient,emailOTPClient,genericOAuthClient,getPasskeyActions,inferAdditionalFields,jwtClient,magicLinkClient,multiSessionClient,oidcClient,oneTapClient,organizationClient,passkeyClient,phoneNumberClient,ssoClient,twoFactorClient,usernameClient});
package/dist/client/plugins.d.cts CHANGED
@@ -2,7 +2,7 @@ import * as nanostores from 'nanostores';
2
2
  import { AccessControl, StatementsPrimitive, Role } from '../plugins/access.cjs';
3
3
  import * as _better_fetch_fetch from '@better-fetch/fetch';
4
4
  import { BetterFetchOption } from '@better-fetch/fetch';
5
- import { o as organization, a as Organization, M as Member, I as Invitation } from '../index-BCJVACKS.cjs';
5
+ import { o as organization, a as Organization, M as Member, I as Invitation } from '../index-Dpgm40FH.cjs';
6
6
  import { b as Prettify } from '../helper-Bi8FQwDD.cjs';
7
7
  import { username } from '../plugins/username.cjs';
8
8
  export { getPasskeyActions, passkeyClient } from '../plugins/passkey.cjs';
@@ -69,7 +69,7 @@ declare const organizationClient: <O extends OrganizationClientOptions>(options?
69
69
  roles: any;
70
70
  } ? keyof O["roles"] : "admin" | "member" | "owner">(data: {
71
71
  role: R;
72
- permission: Partial<{ [key in keyof (O["ac"] extends AccessControl<infer S extends StatementsPrimitive> ? S extends Record<string, any[]> ? S & {
72
+ permission: { [key in keyof (O["ac"] extends AccessControl<infer S extends StatementsPrimitive> ? S extends Record<string, any[]> ? S & {
73
73
  readonly organization: readonly ["update", "delete"];
74
74
  readonly member: readonly ["create", "update", "delete"];
75
75
  readonly invitation: readonly ["create", "cancel"];
@@ -81,7 +81,7 @@ declare const organizationClient: <O extends OrganizationClientOptions>(options?
81
81
  readonly organization: readonly ["update", "delete"];
82
82
  readonly member: readonly ["create", "update", "delete"];
83
83
  readonly invitation: readonly ["create", "cancel"];
84
- })]: (O["ac"] extends AccessControl<infer S extends StatementsPrimitive> ? S extends Record<string, any[]> ? S & {
84
+ })]?: (O["ac"] extends AccessControl<infer S extends StatementsPrimitive> ? S extends Record<string, any[]> ? S & {
85
85
  readonly organization: readonly ["update", "delete"];
86
86
  readonly member: readonly ["create", "update", "delete"];
87
87
  readonly invitation: readonly ["create", "cancel"];
@@ -93,7 +93,7 @@ declare const organizationClient: <O extends OrganizationClientOptions>(options?
93
93
  readonly organization: readonly ["update", "delete"];
94
94
  readonly member: readonly ["create", "update", "delete"];
95
95
  readonly invitation: readonly ["create", "cancel"];
96
- })[key][number][]; }>;
96
+ })[key][number][]; };
97
97
  }) => boolean;
98
98
  };
99
99
  };
package/dist/client/plugins.d.ts CHANGED
@@ -2,7 +2,7 @@ import * as nanostores from 'nanostores';
2
2
  import { AccessControl, StatementsPrimitive, Role } from '../plugins/access.js';
3
3
  import * as _better_fetch_fetch from '@better-fetch/fetch';
4
4
  import { BetterFetchOption } from '@better-fetch/fetch';
5
- import { o as organization, a as Organization, M as Member, I as Invitation } from '../index-BcgN_NSa.js';
5
+ import { o as organization, a as Organization, M as Member, I as Invitation } from '../index-C1MweRkC.js';
6
6
  import { b as Prettify } from '../helper-Bi8FQwDD.js';
7
7
  import { username } from '../plugins/username.js';
8
8
  export { getPasskeyActions, passkeyClient } from '../plugins/passkey.js';
@@ -69,7 +69,7 @@ declare const organizationClient: <O extends OrganizationClientOptions>(options?
69
69
  roles: any;
70
70
  } ? keyof O["roles"] : "admin" | "member" | "owner">(data: {
71
71
  role: R;
72
- permission: Partial<{ [key in keyof (O["ac"] extends AccessControl<infer S extends StatementsPrimitive> ? S extends Record<string, any[]> ? S & {
72
+ permission: { [key in keyof (O["ac"] extends AccessControl<infer S extends StatementsPrimitive> ? S extends Record<string, any[]> ? S & {
73
73
  readonly organization: readonly ["update", "delete"];
74
74
  readonly member: readonly ["create", "update", "delete"];
75
75
  readonly invitation: readonly ["create", "cancel"];
@@ -81,7 +81,7 @@ declare const organizationClient: <O extends OrganizationClientOptions>(options?
81
81
  readonly organization: readonly ["update", "delete"];
82
82
  readonly member: readonly ["create", "update", "delete"];
83
83
  readonly invitation: readonly ["create", "cancel"];
84
- })]: (O["ac"] extends AccessControl<infer S extends StatementsPrimitive> ? S extends Record<string, any[]> ? S & {
84
+ })]?: (O["ac"] extends AccessControl<infer S extends StatementsPrimitive> ? S extends Record<string, any[]> ? S & {
85
85
  readonly organization: readonly ["update", "delete"];
86
86
  readonly member: readonly ["create", "update", "delete"];
87
87
  readonly invitation: readonly ["create", "cancel"];
@@ -93,7 +93,7 @@ declare const organizationClient: <O extends OrganizationClientOptions>(options?
93
93
  readonly organization: readonly ["update", "delete"];
94
94
  readonly member: readonly ["create", "update", "delete"];
95
95
  readonly invitation: readonly ["create", "cancel"];
96
- })[key][number][]; }>;
96
+ })[key][number][]; };
97
97
  }) => boolean;
98
98
  };
99
99
  };