better-auth 1.2.0-beta.1 → 1.2.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (201) hide show
  1. package/dist/adapters/drizzle.cjs +11 -4
  2. package/dist/adapters/drizzle.d.cts +6 -2
  3. package/dist/adapters/drizzle.d.ts +6 -2
  4. package/dist/adapters/drizzle.js +10 -3
  5. package/dist/adapters/kysely.cjs +4 -4
  6. package/dist/adapters/kysely.d.cts +6 -2
  7. package/dist/adapters/kysely.d.ts +6 -2
  8. package/dist/adapters/kysely.js +2 -2
  9. package/dist/adapters/memory.cjs +3 -3
  10. package/dist/adapters/memory.d.cts +6 -2
  11. package/dist/adapters/memory.d.ts +6 -2
  12. package/dist/adapters/memory.js +2 -2
  13. package/dist/adapters/mongodb.cjs +25 -7
  14. package/dist/adapters/mongodb.d.cts +6 -2
  15. package/dist/adapters/mongodb.d.ts +6 -2
  16. package/dist/adapters/mongodb.js +23 -5
  17. package/dist/adapters/prisma.cjs +17 -4
  18. package/dist/adapters/prisma.d.cts +6 -2
  19. package/dist/adapters/prisma.d.ts +6 -2
  20. package/dist/adapters/prisma.js +15 -2
  21. package/dist/adapters/test.cjs +1 -1
  22. package/dist/adapters/test.d.cts +2 -2
  23. package/dist/adapters/test.d.ts +2 -2
  24. package/dist/adapters/test.js +1 -1
  25. package/dist/api.cjs +47 -43
  26. package/dist/api.d.cts +3 -3
  27. package/dist/api.d.ts +3 -3
  28. package/dist/api.js +4 -4
  29. package/dist/{auth-D4rdpxtI.d.cts → auth-BLwS7t0V.d.cts} +7659 -3308
  30. package/dist/{auth-DcMc3BIq.d.ts → auth-C42JqOR9.d.ts} +7659 -3308
  31. package/dist/{chunk-5KMF6HGF.js → chunk-2F3IX7O2.js} +70 -49
  32. package/dist/{chunk-5E75URIA.cjs → chunk-2Z6CVQHH.cjs} +0 -4
  33. package/dist/{chunk-WLXFBYQ6.cjs → chunk-45RBYQKI.cjs} +77 -7
  34. package/dist/{chunk-WGCTQNSQ.js → chunk-4KMR5H5T.js} +1 -1
  35. package/dist/{chunk-CVDYU5OC.js → chunk-4POUTBIX.js} +5 -8
  36. package/dist/{chunk-BKFMDM3P.js → chunk-52TDJNDX.js} +110 -12
  37. package/dist/{chunk-PJ4KWXLQ.cjs → chunk-5ECP2UE2.cjs} +5 -5
  38. package/dist/{chunk-FXNG3YQA.js → chunk-5G6XUCMS.js} +146 -79
  39. package/dist/{chunk-UHGAA4GH.cjs → chunk-5KTUVZ3H.cjs} +5 -5
  40. package/dist/{chunk-YRUDZRY3.cjs → chunk-5RR5WN52.cjs} +73 -52
  41. package/dist/{chunk-JNZYTS3B.js → chunk-BZOIXJ2Q.js} +1 -1
  42. package/dist/{chunk-FA6UYV37.js → chunk-CG2CK6HR.js} +1 -1
  43. package/dist/{chunk-EM73ZZSP.cjs → chunk-DURU7ZRA.cjs} +20 -20
  44. package/dist/{chunk-MGJLVQOV.js → chunk-EQYRCOOF.js} +39 -2
  45. package/dist/{chunk-3BWJXTLC.cjs → chunk-GSEEAIRZ.cjs} +47 -53
  46. package/dist/{chunk-QFYRLTM5.cjs → chunk-HUDPJXOF.cjs} +24 -33
  47. package/dist/{chunk-764RYNTE.cjs → chunk-IG7Z7S3A.cjs} +61 -28
  48. package/dist/{chunk-5RY45WFV.js → chunk-IQUHEVLH.js} +2 -8
  49. package/dist/{chunk-JLATHUM5.cjs → chunk-IUGQVFPG.cjs} +6 -6
  50. package/dist/{chunk-5OBRFII2.js → chunk-J6VNT2T4.js} +49 -5
  51. package/dist/{chunk-NU4SXYJ5.cjs → chunk-JDAHD767.cjs} +198 -42
  52. package/dist/{chunk-LZ5DEQVH.cjs → chunk-K6WRBJAV.cjs} +3 -3
  53. package/dist/{chunk-WDOY7YUW.cjs → chunk-KAR56MJZ.cjs} +39 -2
  54. package/dist/{chunk-GTM45OYP.cjs → chunk-MKNDCNWD.cjs} +3 -3
  55. package/dist/{chunk-PIWBUHRB.cjs → chunk-N7UWN6ND.cjs} +42 -17
  56. package/dist/{chunk-E6LJZ5ME.js → chunk-QKCLO6S5.js} +1 -1
  57. package/dist/{chunk-ADGXBH3Y.js → chunk-QLKU77BF.js} +1 -10
  58. package/dist/{chunk-6O2GLU2U.cjs → chunk-QNLSMTXF.cjs} +17 -12
  59. package/dist/{chunk-S6MI7ZLE.js → chunk-QQGRNAM2.js} +11 -6
  60. package/dist/{chunk-GTQM7JU7.js → chunk-R42K7GPF.js} +3 -1
  61. package/dist/{chunk-3EY3LSQR.js → chunk-SCXZXQTZ.js} +37 -13
  62. package/dist/{chunk-WVLPJXQR.cjs → chunk-SMZIOWVN.cjs} +76 -32
  63. package/dist/{chunk-UP6VJQDB.js → chunk-ST2CQ4A2.js} +2 -2
  64. package/dist/{chunk-V6RGXSG4.cjs → chunk-SVC7H7K4.cjs} +3 -1
  65. package/dist/{chunk-VXDYNCOX.js → chunk-TODG5RSV.js} +172 -19
  66. package/dist/{chunk-5XAVWKUN.js → chunk-TZ34QTAV.js} +73 -3
  67. package/dist/{chunk-BAPXDO3E.cjs → chunk-U44XLDNH.cjs} +119 -21
  68. package/dist/{chunk-VPCROEJW.cjs → chunk-WD65CNWK.cjs} +170 -103
  69. package/dist/{chunk-RGG6OEA3.js → chunk-X7L62XYJ.js} +58 -25
  70. package/dist/{chunk-G7HOSQ5N.cjs → chunk-Z3CGJYU3.cjs} +15 -18
  71. package/dist/{chunk-YW3B2ST3.js → chunk-ZDYKAJ67.js} +116 -5
  72. package/dist/{chunk-NPO64SVN.js → chunk-ZFUBVSZD.js} +0 -4
  73. package/dist/{chunk-2LQ7T2GE.js → chunk-ZKMUJOIP.js} +1 -1
  74. package/dist/{chunk-OSBTXYDD.cjs → chunk-ZUUQ3FFY.cjs} +125 -14
  75. package/dist/client/plugins.cjs +45 -12
  76. package/dist/client/plugins.d.cts +45 -7
  77. package/dist/client/plugins.d.ts +45 -7
  78. package/dist/client/plugins.js +45 -12
  79. package/dist/client.d.cts +6 -7
  80. package/dist/client.d.ts +6 -7
  81. package/dist/cookies.d.cts +2 -2
  82. package/dist/cookies.d.ts +2 -2
  83. package/dist/db.cjs +13 -13
  84. package/dist/db.d.cts +3 -3
  85. package/dist/db.d.ts +3 -3
  86. package/dist/db.js +2 -2
  87. package/dist/index-Bszx4yMW.d.cts +7755 -0
  88. package/dist/{index-Ba5bMY6A.d.cts → index-BuRgaJZR.d.cts} +194 -2
  89. package/dist/index-DbIhOM3X.d.ts +7755 -0
  90. package/dist/{index-XrJz4AYF.d.ts → index-moQjyfmm.d.ts} +194 -2
  91. package/dist/index.cjs +18 -18
  92. package/dist/index.d.cts +3 -3
  93. package/dist/index.d.ts +3 -3
  94. package/dist/index.js +8 -8
  95. package/dist/next-js.cjs +23 -23
  96. package/dist/next-js.d.cts +2 -2
  97. package/dist/next-js.d.ts +2 -2
  98. package/dist/next-js.js +22 -22
  99. package/dist/node.d.cts +2 -2
  100. package/dist/node.d.ts +2 -2
  101. package/dist/oauth2.cjs +9 -9
  102. package/dist/oauth2.d.cts +6 -5
  103. package/dist/oauth2.d.ts +6 -5
  104. package/dist/oauth2.js +2 -2
  105. package/dist/plugins/admin.cjs +6 -6
  106. package/dist/plugins/admin.d.cts +162 -31
  107. package/dist/plugins/admin.d.ts +162 -31
  108. package/dist/plugins/admin.js +5 -5
  109. package/dist/plugins/anonymous.cjs +6 -6
  110. package/dist/plugins/anonymous.d.cts +8 -4
  111. package/dist/plugins/anonymous.d.ts +8 -4
  112. package/dist/plugins/anonymous.js +5 -5
  113. package/dist/plugins/bearer.cjs +6 -6
  114. package/dist/plugins/bearer.d.cts +2 -2
  115. package/dist/plugins/bearer.d.ts +2 -2
  116. package/dist/plugins/bearer.js +5 -5
  117. package/dist/{plugin → plugins}/custom-session.cjs +6 -6
  118. package/dist/{plugin → plugins}/custom-session.d.cts +8 -4
  119. package/dist/{plugin → plugins}/custom-session.d.ts +8 -4
  120. package/dist/{plugin → plugins}/custom-session.js +5 -5
  121. package/dist/plugins/email-otp.cjs +6 -6
  122. package/dist/plugins/email-otp.d.cts +44 -16
  123. package/dist/plugins/email-otp.d.ts +44 -16
  124. package/dist/plugins/email-otp.js +5 -5
  125. package/dist/plugins/generic-oauth.cjs +6 -6
  126. package/dist/plugins/generic-oauth.d.cts +95 -6
  127. package/dist/plugins/generic-oauth.d.ts +95 -6
  128. package/dist/plugins/generic-oauth.js +5 -5
  129. package/dist/plugins/jwt.cjs +6 -6
  130. package/dist/plugins/jwt.d.cts +28 -6
  131. package/dist/plugins/jwt.d.ts +28 -6
  132. package/dist/plugins/jwt.js +5 -5
  133. package/dist/plugins/magic-link.cjs +6 -6
  134. package/dist/plugins/magic-link.d.cts +16 -4
  135. package/dist/plugins/magic-link.d.ts +16 -4
  136. package/dist/plugins/magic-link.js +5 -5
  137. package/dist/plugins/multi-session.cjs +6 -6
  138. package/dist/plugins/multi-session.d.cts +20 -8
  139. package/dist/plugins/multi-session.d.ts +20 -8
  140. package/dist/plugins/multi-session.js +5 -5
  141. package/dist/plugins/oidc-provider.cjs +6 -6
  142. package/dist/plugins/oidc-provider.d.cts +43 -15
  143. package/dist/plugins/oidc-provider.d.ts +43 -15
  144. package/dist/plugins/oidc-provider.js +5 -5
  145. package/dist/plugins/one-tap.cjs +6 -6
  146. package/dist/plugins/one-tap.d.cts +13 -2
  147. package/dist/plugins/one-tap.d.ts +13 -2
  148. package/dist/plugins/one-tap.js +5 -5
  149. package/dist/plugins/open-api.cjs +7 -7
  150. package/dist/plugins/open-api.d.cts +14 -6
  151. package/dist/plugins/open-api.d.ts +14 -6
  152. package/dist/plugins/open-api.js +6 -6
  153. package/dist/plugins/organization.cjs +6 -6
  154. package/dist/plugins/organization.d.cts +3 -3
  155. package/dist/plugins/organization.d.ts +3 -3
  156. package/dist/plugins/organization.js +5 -5
  157. package/dist/plugins/passkey.cjs +17 -17
  158. package/dist/plugins/passkey.d.cts +44 -16
  159. package/dist/plugins/passkey.d.ts +44 -16
  160. package/dist/plugins/passkey.js +4 -4
  161. package/dist/plugins/phone-number.cjs +6 -6
  162. package/dist/plugins/phone-number.d.cts +122 -9
  163. package/dist/plugins/phone-number.d.ts +122 -9
  164. package/dist/plugins/phone-number.js +5 -5
  165. package/dist/plugins/sso.cjs +26 -18
  166. package/dist/plugins/sso.d.cts +24 -8
  167. package/dist/plugins/sso.d.ts +24 -8
  168. package/dist/plugins/sso.js +13 -5
  169. package/dist/plugins/two-factor.cjs +6 -6
  170. package/dist/plugins/two-factor.d.cts +62 -22
  171. package/dist/plugins/two-factor.d.ts +62 -22
  172. package/dist/plugins/two-factor.js +5 -5
  173. package/dist/plugins/username.cjs +6 -6
  174. package/dist/plugins/username.d.cts +36 -4
  175. package/dist/plugins/username.d.ts +36 -4
  176. package/dist/plugins/username.js +5 -5
  177. package/dist/plugins.cjs +42 -42
  178. package/dist/plugins.d.cts +11 -7
  179. package/dist/plugins.d.ts +11 -7
  180. package/dist/plugins.js +22 -22
  181. package/dist/react.d.cts +7 -9
  182. package/dist/react.d.ts +7 -9
  183. package/dist/social.cjs +32 -20
  184. package/dist/social.d.cts +1 -1
  185. package/dist/social.d.ts +1 -1
  186. package/dist/social.js +3 -3
  187. package/dist/solid.d.cts +7 -7
  188. package/dist/solid.d.ts +7 -7
  189. package/dist/{state-Cm8el5M1.d.ts → state-BlQHfd32.d.ts} +1 -1
  190. package/dist/{state-DcraY2_H.d.cts → state-lA7cG1Em.d.cts} +1 -1
  191. package/dist/svelte-kit.d.cts +2 -2
  192. package/dist/svelte-kit.d.ts +2 -2
  193. package/dist/svelte.d.cts +7 -7
  194. package/dist/svelte.d.ts +7 -7
  195. package/dist/types.d.cts +4 -4
  196. package/dist/types.d.ts +4 -4
  197. package/dist/vue.d.cts +7 -7
  198. package/dist/vue.d.ts +7 -7
  199. package/package.json +4 -4
  200. package/dist/index-CvlKSqnF.d.cts +0 -4023
  201. package/dist/index-Ivs2EsUL.d.ts +0 -4023
@@ -2,7 +2,7 @@
2
2
 
3
3
  var chunkZBKCS3KP_cjs = require('./chunk-ZBKCS3KP.cjs');
4
4
  var chunkEHFDU6IF_cjs = require('./chunk-EHFDU6IF.cjs');
5
- var chunkPIWBUHRB_cjs = require('./chunk-PIWBUHRB.cjs');
5
+ var chunkN7UWN6ND_cjs = require('./chunk-N7UWN6ND.cjs');
6
6
  var chunkV6HE2MP7_cjs = require('./chunk-V6HE2MP7.cjs');
7
7
  var chunkB5UCLTPZ_cjs = require('./chunk-B5UCLTPZ.cjs');
8
8
  var chunkG2LZ73E2_cjs = require('./chunk-G2LZ73E2.cjs');
@@ -14,7 +14,7 @@ var otp = require('@better-auth/utils/otp');
14
14
  // src/plugins/two-factor/constant.ts
15
15
  var TWO_FACTOR_COOKIE_NAME = "two_factor";
16
16
  var TRUST_DEVICE_COOKIE_NAME = "trust_device";
17
- var verifyTwoFactorMiddleware = chunkPIWBUHRB_cjs.createAuthMiddleware(
17
+ var verifyTwoFactorMiddleware = chunkN7UWN6ND_cjs.createAuthMiddleware(
18
18
  {
19
19
  body: zod.z.object({
20
20
  /**
@@ -26,7 +26,7 @@ var verifyTwoFactorMiddleware = chunkPIWBUHRB_cjs.createAuthMiddleware(
26
26
  })
27
27
  },
28
28
  async (ctx) => {
29
- const session = await chunkPIWBUHRB_cjs.getSessionFromCtx(ctx);
29
+ const session = await chunkN7UWN6ND_cjs.getSessionFromCtx(ctx);
30
30
  if (!session) {
31
31
  const cookieName = ctx.context.createAuthCookie(TWO_FACTOR_COOKIE_NAME);
32
32
  const userId = await ctx.getSignedCookie(
@@ -172,7 +172,7 @@ var backupCode2fa = (options) => {
172
172
  return {
173
173
  id: "backup_code",
174
174
  endpoints: {
175
- verifyBackupCode: chunkPIWBUHRB_cjs.createAuthEndpoint(
175
+ verifyBackupCode: chunkN7UWN6ND_cjs.createAuthEndpoint(
176
176
  "/two-factor/verify-backup-code",
177
177
  {
178
178
  method: "POST",
@@ -241,14 +241,14 @@ var backupCode2fa = (options) => {
241
241
  });
242
242
  }
243
243
  ),
244
- generateBackupCodes: chunkPIWBUHRB_cjs.createAuthEndpoint(
244
+ generateBackupCodes: chunkN7UWN6ND_cjs.createAuthEndpoint(
245
245
  "/two-factor/generate-backup-codes",
246
246
  {
247
247
  method: "POST",
248
248
  body: zod.z.object({
249
249
  password: zod.z.string()
250
250
  }),
251
- use: [chunkPIWBUHRB_cjs.sessionMiddleware]
251
+ use: [chunkN7UWN6ND_cjs.sessionMiddleware]
252
252
  },
253
253
  async (ctx) => {
254
254
  const user = ctx.context.session.user;
@@ -280,7 +280,7 @@ var backupCode2fa = (options) => {
280
280
  });
281
281
  }
282
282
  ),
283
- viewBackupCodes: chunkPIWBUHRB_cjs.createAuthEndpoint(
283
+ viewBackupCodes: chunkN7UWN6ND_cjs.createAuthEndpoint(
284
284
  "/two-factor/view-backup-codes",
285
285
  {
286
286
  method: "GET",
@@ -331,7 +331,7 @@ var otp2fa = (options) => {
331
331
  period: (options?.period || 3) * 60 * 1e3
332
332
  };
333
333
  const twoFactorTable = "twoFactor";
334
- const send2FaOTP = chunkPIWBUHRB_cjs.createAuthEndpoint(
334
+ const send2FaOTP = chunkN7UWN6ND_cjs.createAuthEndpoint(
335
335
  "/two-factor/send-otp",
336
336
  {
337
337
  method: "POST",
@@ -402,7 +402,7 @@ var otp2fa = (options) => {
402
402
  return ctx.json({ status: true });
403
403
  }
404
404
  );
405
- const verifyOTP = chunkPIWBUHRB_cjs.createAuthEndpoint(
405
+ const verifyOTP = chunkN7UWN6ND_cjs.createAuthEndpoint(
406
406
  "/two-factor/verify-otp",
407
407
  {
408
408
  method: "POST",
@@ -493,11 +493,11 @@ var totp2fa = (options) => {
493
493
  period: options?.period || 30
494
494
  };
495
495
  const twoFactorTable = "twoFactor";
496
- const generateTOTP = chunkPIWBUHRB_cjs.createAuthEndpoint(
496
+ const generateTOTP = chunkN7UWN6ND_cjs.createAuthEndpoint(
497
497
  "/totp/generate",
498
498
  {
499
499
  method: "POST",
500
- use: [chunkPIWBUHRB_cjs.sessionMiddleware],
500
+ use: [chunkN7UWN6ND_cjs.sessionMiddleware],
501
501
  metadata: {
502
502
  openapi: {
503
503
  summary: "Generate TOTP code",
@@ -553,11 +553,11 @@ var totp2fa = (options) => {
553
553
  return { code };
554
554
  }
555
555
  );
556
- const getTOTPURI = chunkPIWBUHRB_cjs.createAuthEndpoint(
556
+ const getTOTPURI = chunkN7UWN6ND_cjs.createAuthEndpoint(
557
557
  "/two-factor/get-totp-uri",
558
558
  {
559
559
  method: "POST",
560
- use: [chunkPIWBUHRB_cjs.sessionMiddleware],
560
+ use: [chunkN7UWN6ND_cjs.sessionMiddleware],
561
561
  body: zod.z.object({
562
562
  password: zod.z.string({
563
563
  description: "User password"
@@ -625,7 +625,7 @@ var totp2fa = (options) => {
625
625
  };
626
626
  }
627
627
  );
628
- const verifyTOTP = chunkPIWBUHRB_cjs.createAuthEndpoint(
628
+ const verifyTOTP = chunkN7UWN6ND_cjs.createAuthEndpoint(
629
629
  "/two-factor/verify-totp",
630
630
  {
631
631
  method: "POST",
@@ -779,7 +779,7 @@ var twoFactor = (options) => {
779
779
  ...totp.endpoints,
780
780
  ...otp$1.endpoints,
781
781
  ...backupCode.endpoints,
782
- enableTwoFactor: chunkPIWBUHRB_cjs.createAuthEndpoint(
782
+ enableTwoFactor: chunkN7UWN6ND_cjs.createAuthEndpoint(
783
783
  "/two-factor/enable",
784
784
  {
785
785
  method: "POST",
@@ -788,7 +788,7 @@ var twoFactor = (options) => {
788
788
  description: "User password"
789
789
  }).min(8)
790
790
  }),
791
- use: [chunkPIWBUHRB_cjs.sessionMiddleware],
791
+ use: [chunkN7UWN6ND_cjs.sessionMiddleware],
792
792
  metadata: {
793
793
  openapi: {
794
794
  summary: "Enable two factor authentication",
@@ -830,7 +830,7 @@ var twoFactor = (options) => {
830
830
  });
831
831
  if (!isPasswordValid) {
832
832
  throw new betterCall.APIError("BAD_REQUEST", {
833
- message: chunkPIWBUHRB_cjs.BASE_ERROR_CODES.INVALID_PASSWORD
833
+ message: chunkN7UWN6ND_cjs.BASE_ERROR_CODES.INVALID_PASSWORD
834
834
  });
835
835
  }
836
836
  const secret = chunkG2LZ73E2_cjs.generateRandomString(32);
@@ -887,7 +887,7 @@ var twoFactor = (options) => {
887
887
  return ctx.json({ totpURI, backupCodes: backupCodes.backupCodes });
888
888
  }
889
889
  ),
890
- disableTwoFactor: chunkPIWBUHRB_cjs.createAuthEndpoint(
890
+ disableTwoFactor: chunkN7UWN6ND_cjs.createAuthEndpoint(
891
891
  "/two-factor/disable",
892
892
  {
893
893
  method: "POST",
@@ -896,7 +896,7 @@ var twoFactor = (options) => {
896
896
  description: "User password"
897
897
  }).min(8)
898
898
  }),
899
- use: [chunkPIWBUHRB_cjs.sessionMiddleware],
899
+ use: [chunkN7UWN6ND_cjs.sessionMiddleware],
900
900
  metadata: {
901
901
  openapi: {
902
902
  summary: "Disable two factor authentication",
@@ -972,7 +972,7 @@ var twoFactor = (options) => {
972
972
  matcher(context) {
973
973
  return context.path === "/sign-in/email" || context.path === "/sign-in/username" || context.path === "/sign-in/phone-number";
974
974
  },
975
- handler: chunkPIWBUHRB_cjs.createAuthMiddleware(async (ctx) => {
975
+ handler: chunkN7UWN6ND_cjs.createAuthMiddleware(async (ctx) => {
976
976
  const data = ctx.context.newSession;
977
977
  if (!data) {
978
978
  return;
@@ -90,13 +90,16 @@ function getWithHooks(adapter, ctx) {
90
90
  for (const hook of hooks || []) {
91
91
  const toRun = hook[model]?.create?.before;
92
92
  if (toRun) {
93
- const result = await toRun(data);
93
+ const result = await toRun(actualData);
94
94
  if (result === false) {
95
95
  return null;
96
96
  }
97
97
  const isObject = typeof result === "object" && "data" in result;
98
98
  if (isObject) {
99
- actualData = result.data;
99
+ actualData = {
100
+ ...actualData,
101
+ ...result.data
102
+ };
100
103
  }
101
104
  }
102
105
  }
@@ -272,6 +275,12 @@ var createInternalAdapter = (adapter, ctx) => {
272
275
  });
273
276
  return users;
274
277
  },
278
+ countTotalUsers: async () => {
279
+ const total = await adapter.count({
280
+ model: "user"
281
+ });
282
+ return total;
283
+ },
275
284
  deleteUser: async (userId) => {
276
285
  if (secondaryStorage) {
277
286
  await secondaryStorage.delete(`active-sessions-${userId}`);
@@ -795,6 +804,18 @@ var createInternalAdapter = (adapter, ctx) => {
795
804
  },
796
805
  limit: 1
797
806
  });
807
+ if (!options.verification?.disableCleanup) {
808
+ await adapter.deleteMany({
809
+ model: "verification",
810
+ where: [
811
+ {
812
+ field: "expiresAt",
813
+ value: (/* @__PURE__ */ new Date()).toISOString(),
814
+ operator: "lt"
815
+ }
816
+ ]
817
+ });
818
+ }
798
819
  const lastVerification = verification[0];
799
820
  return lastVerification;
800
821
  },
@@ -1249,6 +1270,9 @@ var memoryAdapter = (db) => (options) => {
1249
1270
  }
1250
1271
  return table.map((record) => transformOutput(record, model));
1251
1272
  },
1273
+ count: async ({ model }) => {
1274
+ return db[model].length;
1275
+ },
1252
1276
  update: async ({ model, where, update }) => {
1253
1277
  const table = db[model];
1254
1278
  const res = convertWhereClause(where, table, model);
@@ -1858,6 +1882,19 @@ var kyselyAdapter = (db, config) => (opts) => {
1858
1882
  const res = await query.execute();
1859
1883
  return res.length;
1860
1884
  },
1885
+ async count(data) {
1886
+ const { model, where } = data;
1887
+ const { and, or } = convertWhereClause(model, where);
1888
+ let query = db.selectFrom(getModelName(model)).select(db.fn.count("id").as("count"));
1889
+ if (and) {
1890
+ query = query.where((eb) => eb.and(and.map((expr) => expr(eb))));
1891
+ }
1892
+ if (or) {
1893
+ query = query.where((eb) => eb.or(or.map((expr) => expr(eb))));
1894
+ }
1895
+ const res = await query.execute();
1896
+ return res[0].count;
1897
+ },
1861
1898
  async delete(data) {
1862
1899
  const { model, where } = data;
1863
1900
  const { and, or } = convertWhereClause(model, where);
@@ -1,6 +1,6 @@
1
1
  'use strict';
2
2
 
3
- var chunkPIWBUHRB_cjs = require('./chunk-PIWBUHRB.cjs');
3
+ var chunkN7UWN6ND_cjs = require('./chunk-N7UWN6ND.cjs');
4
4
  var chunkV6HE2MP7_cjs = require('./chunk-V6HE2MP7.cjs');
5
5
  var chunkG2LZ73E2_cjs = require('./chunk-G2LZ73E2.cjs');
6
6
  var jose = require('jose');
@@ -136,7 +136,7 @@ async function authorize(ctx, options) {
136
136
  error: "invalid_request"
137
137
  });
138
138
  }
139
- const session = await chunkPIWBUHRB_cjs.getSessionFromCtx(ctx);
139
+ const session = await chunkN7UWN6ND_cjs.getSessionFromCtx(ctx);
140
140
  if (!session) {
141
141
  await ctx.setSignedCookie(
142
142
  "oidc_login_prompt",
@@ -332,7 +332,7 @@ var getMetadata = (ctx, options) => {
332
332
  issuer,
333
333
  authorization_endpoint: `${baseURL}/oauth2/authorize`,
334
334
  token_endpoint: `${baseURL}/oauth2/token`,
335
- userInfo_endpoint: `${baseURL}/oauth2/userinfo`,
335
+ userinfo_endpoint: `${baseURL}/oauth2/userinfo`,
336
336
  jwks_uri: `${baseURL}/jwks`,
337
337
  registration_endpoint: `${baseURL}/oauth2/register`,
338
338
  scopes_supported: ["openid", "profile", "email", "offline_access"],
@@ -392,7 +392,7 @@ var oidcProvider = (options) => {
392
392
  matcher() {
393
393
  return true;
394
394
  },
395
- handler: chunkPIWBUHRB_cjs.createAuthMiddleware(async (ctx) => {
395
+ handler: chunkN7UWN6ND_cjs.createAuthMiddleware(async (ctx) => {
396
396
  const cookie = await ctx.getSignedCookie(
397
397
  "oidc_login_prompt",
398
398
  ctx.context.secret
@@ -427,7 +427,7 @@ var oidcProvider = (options) => {
427
427
  ]
428
428
  },
429
429
  endpoints: {
430
- getOpenIdConfig: chunkPIWBUHRB_cjs.createAuthEndpoint(
430
+ getOpenIdConfig: chunkN7UWN6ND_cjs.createAuthEndpoint(
431
431
  "/.well-known/openid-configuration",
432
432
  {
433
433
  method: "GET"
@@ -437,7 +437,7 @@ var oidcProvider = (options) => {
437
437
  return ctx.json(metadata);
438
438
  }
439
439
  ),
440
- oAuth2authorize: chunkPIWBUHRB_cjs.createAuthEndpoint(
440
+ oAuth2authorize: chunkN7UWN6ND_cjs.createAuthEndpoint(
441
441
  "/oauth2/authorize",
442
442
  {
443
443
  method: "GET",
@@ -447,14 +447,14 @@ var oidcProvider = (options) => {
447
447
  return authorize(ctx, opts);
448
448
  }
449
449
  ),
450
- oAuthConsent: chunkPIWBUHRB_cjs.createAuthEndpoint(
450
+ oAuthConsent: chunkN7UWN6ND_cjs.createAuthEndpoint(
451
451
  "/oauth2/consent",
452
452
  {
453
453
  method: "POST",
454
454
  body: zod.z.object({
455
455
  accept: zod.z.boolean()
456
456
  }),
457
- use: [chunkPIWBUHRB_cjs.sessionMiddleware]
457
+ use: [chunkN7UWN6ND_cjs.sessionMiddleware]
458
458
  },
459
459
  async (ctx) => {
460
460
  const storedCode = await ctx.getSignedCookie(
@@ -462,30 +462,27 @@ var oidcProvider = (options) => {
462
462
  ctx.context.secret
463
463
  );
464
464
  if (!storedCode) {
465
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
465
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
466
466
  error_description: "No consent prompt found",
467
467
  error: "invalid_grant"
468
468
  });
469
469
  }
470
470
  const verification = await ctx.context.internalAdapter.findVerificationValue(storedCode);
471
471
  if (!verification) {
472
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
472
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
473
473
  error_description: "Invalid code",
474
474
  error: "invalid_grant"
475
475
  });
476
476
  }
477
477
  if (verification.expiresAt < /* @__PURE__ */ new Date()) {
478
- await ctx.context.internalAdapter.deleteVerificationValue(
479
- verification.id
480
- );
481
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
478
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
482
479
  error_description: "Code expired",
483
480
  error: "invalid_grant"
484
481
  });
485
482
  }
486
483
  const value = JSON.parse(verification.value);
487
484
  if (!value.requireConsent || !value.state) {
488
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
485
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
489
486
  error_description: "Consent not required",
490
487
  error: "invalid_grant"
491
488
  });
@@ -531,7 +528,7 @@ var oidcProvider = (options) => {
531
528
  });
532
529
  }
533
530
  ),
534
- oAuth2token: chunkPIWBUHRB_cjs.createAuthEndpoint(
531
+ oAuth2token: chunkN7UWN6ND_cjs.createAuthEndpoint(
535
532
  "/oauth2/token",
536
533
  {
537
534
  method: "POST",
@@ -543,7 +540,7 @@ var oidcProvider = (options) => {
543
540
  async (ctx) => {
544
541
  let { body } = ctx;
545
542
  if (!body) {
546
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
543
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
547
544
  error_description: "request body not found",
548
545
  error: "invalid_request"
549
546
  });
@@ -552,7 +549,7 @@ var oidcProvider = (options) => {
552
549
  body = Object.fromEntries(body.entries());
553
550
  }
554
551
  if (!(body instanceof Object)) {
555
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
552
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
556
553
  error_description: "request body is not an object",
557
554
  error: "invalid_request"
558
555
  });
@@ -568,7 +565,7 @@ var oidcProvider = (options) => {
568
565
  } = body;
569
566
  if (grant_type === "refresh_token") {
570
567
  if (!refresh_token) {
571
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
568
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
572
569
  error_description: "refresh_token is required",
573
570
  error: "invalid_request"
574
571
  });
@@ -583,19 +580,19 @@ var oidcProvider = (options) => {
583
580
  ]
584
581
  });
585
582
  if (!token) {
586
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
583
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
587
584
  error_description: "invalid refresh token",
588
585
  error: "invalid_grant"
589
586
  });
590
587
  }
591
588
  if (token.clientId !== client_id?.toString()) {
592
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
589
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
593
590
  error_description: "invalid client_id",
594
591
  error: "invalid_client"
595
592
  });
596
593
  }
597
594
  if (token.refreshTokenExpiresAt < /* @__PURE__ */ new Date()) {
598
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
595
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
599
596
  error_description: "refresh token expired",
600
597
  error: "invalid_grant"
601
598
  });
@@ -631,13 +628,13 @@ var oidcProvider = (options) => {
631
628
  });
632
629
  }
633
630
  if (!code) {
634
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
631
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
635
632
  error_description: "code is required",
636
633
  error: "invalid_request"
637
634
  });
638
635
  }
639
636
  if (options.requirePKCE && !code_verifier) {
640
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
637
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
641
638
  error_description: "code verifier is missing",
642
639
  error: "invalid_request"
643
640
  });
@@ -646,16 +643,13 @@ var oidcProvider = (options) => {
646
643
  code.toString()
647
644
  );
648
645
  if (!verificationValue) {
649
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
646
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
650
647
  error_description: "invalid code",
651
648
  error: "invalid_grant"
652
649
  });
653
650
  }
654
651
  if (verificationValue.expiresAt < /* @__PURE__ */ new Date()) {
655
- await ctx.context.internalAdapter.deleteVerificationValue(
656
- verificationValue.id
657
- );
658
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
652
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
659
653
  error_description: "code expired",
660
654
  error: "invalid_grant"
661
655
  });
@@ -664,25 +658,25 @@ var oidcProvider = (options) => {
664
658
  verificationValue.id
665
659
  );
666
660
  if (!client_id || !client_secret) {
667
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
661
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
668
662
  error_description: "client_id and client_secret are required",
669
663
  error: "invalid_client"
670
664
  });
671
665
  }
672
666
  if (!grant_type) {
673
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
667
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
674
668
  error_description: "grant_type is required",
675
669
  error: "invalid_request"
676
670
  });
677
671
  }
678
672
  if (grant_type !== "authorization_code") {
679
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
673
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
680
674
  error_description: "grant_type must be 'authorization_code'",
681
675
  error: "unsupported_grant_type"
682
676
  });
683
677
  }
684
678
  if (!redirect_uri) {
685
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
679
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
686
680
  error_description: "redirect_uri is required",
687
681
  error: "invalid_request"
688
682
  });
@@ -701,20 +695,20 @@ var oidcProvider = (options) => {
701
695
  };
702
696
  });
703
697
  if (!client) {
704
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
698
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
705
699
  error_description: "invalid client_id",
706
700
  error: "invalid_client"
707
701
  });
708
702
  }
709
703
  if (client.disabled) {
710
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
704
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
711
705
  error_description: "client is disabled",
712
706
  error: "invalid_client"
713
707
  });
714
708
  }
715
709
  const isValidSecret = client.clientSecret === client_secret.toString();
716
710
  if (!isValidSecret) {
717
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
711
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
718
712
  error_description: "invalid client_secret",
719
713
  error: "invalid_client"
720
714
  });
@@ -723,19 +717,19 @@ var oidcProvider = (options) => {
723
717
  verificationValue.value
724
718
  );
725
719
  if (value.clientId !== client_id.toString()) {
726
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
720
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
727
721
  error_description: "invalid client_id",
728
722
  error: "invalid_client"
729
723
  });
730
724
  }
731
725
  if (value.redirectURI !== redirect_uri.toString()) {
732
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
726
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
733
727
  error_description: "invalid redirect_uri",
734
728
  error: "invalid_client"
735
729
  });
736
730
  }
737
731
  if (value.codeChallenge && !code_verifier) {
738
- throw new chunkPIWBUHRB_cjs.APIError("BAD_REQUEST", {
732
+ throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
739
733
  error_description: "code verifier is missing",
740
734
  error: "invalid_request"
741
735
  });
@@ -744,7 +738,7 @@ var oidcProvider = (options) => {
744
738
  code_verifier
745
739
  );
746
740
  if (challenge !== value.codeChallenge) {
747
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
741
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
748
742
  error_description: "code verification failed",
749
743
  error: "invalid_request"
750
744
  });
@@ -779,7 +773,7 @@ var oidcProvider = (options) => {
779
773
  value.userId
780
774
  );
781
775
  if (!user) {
782
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
776
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
783
777
  error_description: "user not found",
784
778
  error: "invalid_grant"
785
779
  });
@@ -840,7 +834,7 @@ var oidcProvider = (options) => {
840
834
  );
841
835
  }
842
836
  ),
843
- oAuth2userInfo: chunkPIWBUHRB_cjs.createAuthEndpoint(
837
+ oAuth2userInfo: chunkN7UWN6ND_cjs.createAuthEndpoint(
844
838
  "/oauth2/userinfo",
845
839
  {
846
840
  method: "GET",
@@ -850,14 +844,14 @@ var oidcProvider = (options) => {
850
844
  },
851
845
  async (ctx) => {
852
846
  if (!ctx.request) {
853
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
847
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
854
848
  error_description: "request not found",
855
849
  error: "invalid_request"
856
850
  });
857
851
  }
858
852
  const authorization = ctx.request.headers.get("authorization");
859
853
  if (!authorization) {
860
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
854
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
861
855
  error_description: "authorization header not found",
862
856
  error: "invalid_request"
863
857
  });
@@ -873,13 +867,13 @@ var oidcProvider = (options) => {
873
867
  ]
874
868
  });
875
869
  if (!accessToken) {
876
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
870
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
877
871
  error_description: "invalid access token",
878
872
  error: "invalid_token"
879
873
  });
880
874
  }
881
875
  if (accessToken.accessTokenExpiresAt < /* @__PURE__ */ new Date()) {
882
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
876
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
883
877
  error_description: "The Access Token expired",
884
878
  error: "invalid_token"
885
879
  });
@@ -888,7 +882,7 @@ var oidcProvider = (options) => {
888
882
  accessToken.userId
889
883
  );
890
884
  if (!user) {
891
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
885
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
892
886
  error_description: "user not found",
893
887
  error: "invalid_token"
894
888
  });
@@ -905,7 +899,7 @@ var oidcProvider = (options) => {
905
899
  return ctx.json(userClaims);
906
900
  }
907
901
  ),
908
- registerOAuthApplication: chunkPIWBUHRB_cjs.createAuthEndpoint(
902
+ registerOAuthApplication: chunkN7UWN6ND_cjs.createAuthEndpoint(
909
903
  "/oauth2/register",
910
904
  {
911
905
  method: "POST",
@@ -918,9 +912,9 @@ var oidcProvider = (options) => {
918
912
  },
919
913
  async (ctx) => {
920
914
  const body = ctx.body;
921
- const session = await chunkPIWBUHRB_cjs.getSessionFromCtx(ctx);
915
+ const session = await chunkN7UWN6ND_cjs.getSessionFromCtx(ctx);
922
916
  if (!session && !options.allowDynamicClientRegistration) {
923
- throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
917
+ throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
924
918
  message: "Unauthorized"
925
919
  });
926
920
  }
@@ -950,11 +944,11 @@ var oidcProvider = (options) => {
950
944
  });
951
945
  }
952
946
  ),
953
- getOAuthClient: chunkPIWBUHRB_cjs.createAuthEndpoint(
947
+ getOAuthClient: chunkN7UWN6ND_cjs.createAuthEndpoint(
954
948
  "/oauth2/client/:id",
955
949
  {
956
950
  method: "GET",
957
- use: [chunkPIWBUHRB_cjs.sessionMiddleware]
951
+ use: [chunkN7UWN6ND_cjs.sessionMiddleware]
958
952
  },
959
953
  async (ctx) => {
960
954
  const client = await ctx.context.adapter.findOne(
@@ -964,7 +958,7 @@ var oidcProvider = (options) => {
964
958
  }
965
959
  );
966
960
  if (!client) {
967
- throw new chunkPIWBUHRB_cjs.APIError("NOT_FOUND", {
961
+ throw new chunkN7UWN6ND_cjs.APIError("NOT_FOUND", {
968
962
  error_description: "client not found",
969
963
  error: "not_found"
970
964
  });