better-auth 1.2.0-beta.1 → 1.2.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/drizzle.cjs +11 -4
- package/dist/adapters/drizzle.d.cts +6 -2
- package/dist/adapters/drizzle.d.ts +6 -2
- package/dist/adapters/drizzle.js +10 -3
- package/dist/adapters/kysely.cjs +4 -4
- package/dist/adapters/kysely.d.cts +6 -2
- package/dist/adapters/kysely.d.ts +6 -2
- package/dist/adapters/kysely.js +2 -2
- package/dist/adapters/memory.cjs +3 -3
- package/dist/adapters/memory.d.cts +6 -2
- package/dist/adapters/memory.d.ts +6 -2
- package/dist/adapters/memory.js +2 -2
- package/dist/adapters/mongodb.cjs +25 -7
- package/dist/adapters/mongodb.d.cts +6 -2
- package/dist/adapters/mongodb.d.ts +6 -2
- package/dist/adapters/mongodb.js +23 -5
- package/dist/adapters/prisma.cjs +17 -4
- package/dist/adapters/prisma.d.cts +6 -2
- package/dist/adapters/prisma.d.ts +6 -2
- package/dist/adapters/prisma.js +15 -2
- package/dist/adapters/test.cjs +1 -1
- package/dist/adapters/test.d.cts +2 -2
- package/dist/adapters/test.d.ts +2 -2
- package/dist/adapters/test.js +1 -1
- package/dist/api.cjs +47 -43
- package/dist/api.d.cts +3 -3
- package/dist/api.d.ts +3 -3
- package/dist/api.js +4 -4
- package/dist/{auth-D4rdpxtI.d.cts → auth-BLwS7t0V.d.cts} +7659 -3308
- package/dist/{auth-DcMc3BIq.d.ts → auth-C42JqOR9.d.ts} +7659 -3308
- package/dist/{chunk-5KMF6HGF.js → chunk-2F3IX7O2.js} +70 -49
- package/dist/{chunk-5E75URIA.cjs → chunk-2Z6CVQHH.cjs} +0 -4
- package/dist/{chunk-WLXFBYQ6.cjs → chunk-45RBYQKI.cjs} +77 -7
- package/dist/{chunk-WGCTQNSQ.js → chunk-4KMR5H5T.js} +1 -1
- package/dist/{chunk-CVDYU5OC.js → chunk-4POUTBIX.js} +5 -8
- package/dist/{chunk-BKFMDM3P.js → chunk-52TDJNDX.js} +110 -12
- package/dist/{chunk-PJ4KWXLQ.cjs → chunk-5ECP2UE2.cjs} +5 -5
- package/dist/{chunk-FXNG3YQA.js → chunk-5G6XUCMS.js} +146 -79
- package/dist/{chunk-UHGAA4GH.cjs → chunk-5KTUVZ3H.cjs} +5 -5
- package/dist/{chunk-YRUDZRY3.cjs → chunk-5RR5WN52.cjs} +73 -52
- package/dist/{chunk-JNZYTS3B.js → chunk-BZOIXJ2Q.js} +1 -1
- package/dist/{chunk-FA6UYV37.js → chunk-CG2CK6HR.js} +1 -1
- package/dist/{chunk-EM73ZZSP.cjs → chunk-DURU7ZRA.cjs} +20 -20
- package/dist/{chunk-MGJLVQOV.js → chunk-EQYRCOOF.js} +39 -2
- package/dist/{chunk-3BWJXTLC.cjs → chunk-GSEEAIRZ.cjs} +47 -53
- package/dist/{chunk-QFYRLTM5.cjs → chunk-HUDPJXOF.cjs} +24 -33
- package/dist/{chunk-764RYNTE.cjs → chunk-IG7Z7S3A.cjs} +61 -28
- package/dist/{chunk-5RY45WFV.js → chunk-IQUHEVLH.js} +2 -8
- package/dist/{chunk-JLATHUM5.cjs → chunk-IUGQVFPG.cjs} +6 -6
- package/dist/{chunk-5OBRFII2.js → chunk-J6VNT2T4.js} +49 -5
- package/dist/{chunk-NU4SXYJ5.cjs → chunk-JDAHD767.cjs} +198 -42
- package/dist/{chunk-LZ5DEQVH.cjs → chunk-K6WRBJAV.cjs} +3 -3
- package/dist/{chunk-WDOY7YUW.cjs → chunk-KAR56MJZ.cjs} +39 -2
- package/dist/{chunk-GTM45OYP.cjs → chunk-MKNDCNWD.cjs} +3 -3
- package/dist/{chunk-PIWBUHRB.cjs → chunk-N7UWN6ND.cjs} +42 -17
- package/dist/{chunk-E6LJZ5ME.js → chunk-QKCLO6S5.js} +1 -1
- package/dist/{chunk-ADGXBH3Y.js → chunk-QLKU77BF.js} +1 -10
- package/dist/{chunk-6O2GLU2U.cjs → chunk-QNLSMTXF.cjs} +17 -12
- package/dist/{chunk-S6MI7ZLE.js → chunk-QQGRNAM2.js} +11 -6
- package/dist/{chunk-GTQM7JU7.js → chunk-R42K7GPF.js} +3 -1
- package/dist/{chunk-3EY3LSQR.js → chunk-SCXZXQTZ.js} +37 -13
- package/dist/{chunk-WVLPJXQR.cjs → chunk-SMZIOWVN.cjs} +76 -32
- package/dist/{chunk-UP6VJQDB.js → chunk-ST2CQ4A2.js} +2 -2
- package/dist/{chunk-V6RGXSG4.cjs → chunk-SVC7H7K4.cjs} +3 -1
- package/dist/{chunk-VXDYNCOX.js → chunk-TODG5RSV.js} +172 -19
- package/dist/{chunk-5XAVWKUN.js → chunk-TZ34QTAV.js} +73 -3
- package/dist/{chunk-BAPXDO3E.cjs → chunk-U44XLDNH.cjs} +119 -21
- package/dist/{chunk-VPCROEJW.cjs → chunk-WD65CNWK.cjs} +170 -103
- package/dist/{chunk-RGG6OEA3.js → chunk-X7L62XYJ.js} +58 -25
- package/dist/{chunk-G7HOSQ5N.cjs → chunk-Z3CGJYU3.cjs} +15 -18
- package/dist/{chunk-YW3B2ST3.js → chunk-ZDYKAJ67.js} +116 -5
- package/dist/{chunk-NPO64SVN.js → chunk-ZFUBVSZD.js} +0 -4
- package/dist/{chunk-2LQ7T2GE.js → chunk-ZKMUJOIP.js} +1 -1
- package/dist/{chunk-OSBTXYDD.cjs → chunk-ZUUQ3FFY.cjs} +125 -14
- package/dist/client/plugins.cjs +45 -12
- package/dist/client/plugins.d.cts +45 -7
- package/dist/client/plugins.d.ts +45 -7
- package/dist/client/plugins.js +45 -12
- package/dist/client.d.cts +6 -7
- package/dist/client.d.ts +6 -7
- package/dist/cookies.d.cts +2 -2
- package/dist/cookies.d.ts +2 -2
- package/dist/db.cjs +13 -13
- package/dist/db.d.cts +3 -3
- package/dist/db.d.ts +3 -3
- package/dist/db.js +2 -2
- package/dist/index-Bszx4yMW.d.cts +7755 -0
- package/dist/{index-Ba5bMY6A.d.cts → index-BuRgaJZR.d.cts} +194 -2
- package/dist/index-DbIhOM3X.d.ts +7755 -0
- package/dist/{index-XrJz4AYF.d.ts → index-moQjyfmm.d.ts} +194 -2
- package/dist/index.cjs +18 -18
- package/dist/index.d.cts +3 -3
- package/dist/index.d.ts +3 -3
- package/dist/index.js +8 -8
- package/dist/next-js.cjs +23 -23
- package/dist/next-js.d.cts +2 -2
- package/dist/next-js.d.ts +2 -2
- package/dist/next-js.js +22 -22
- package/dist/node.d.cts +2 -2
- package/dist/node.d.ts +2 -2
- package/dist/oauth2.cjs +9 -9
- package/dist/oauth2.d.cts +6 -5
- package/dist/oauth2.d.ts +6 -5
- package/dist/oauth2.js +2 -2
- package/dist/plugins/admin.cjs +6 -6
- package/dist/plugins/admin.d.cts +162 -31
- package/dist/plugins/admin.d.ts +162 -31
- package/dist/plugins/admin.js +5 -5
- package/dist/plugins/anonymous.cjs +6 -6
- package/dist/plugins/anonymous.d.cts +8 -4
- package/dist/plugins/anonymous.d.ts +8 -4
- package/dist/plugins/anonymous.js +5 -5
- package/dist/plugins/bearer.cjs +6 -6
- package/dist/plugins/bearer.d.cts +2 -2
- package/dist/plugins/bearer.d.ts +2 -2
- package/dist/plugins/bearer.js +5 -5
- package/dist/{plugin → plugins}/custom-session.cjs +6 -6
- package/dist/{plugin → plugins}/custom-session.d.cts +8 -4
- package/dist/{plugin → plugins}/custom-session.d.ts +8 -4
- package/dist/{plugin → plugins}/custom-session.js +5 -5
- package/dist/plugins/email-otp.cjs +6 -6
- package/dist/plugins/email-otp.d.cts +44 -16
- package/dist/plugins/email-otp.d.ts +44 -16
- package/dist/plugins/email-otp.js +5 -5
- package/dist/plugins/generic-oauth.cjs +6 -6
- package/dist/plugins/generic-oauth.d.cts +95 -6
- package/dist/plugins/generic-oauth.d.ts +95 -6
- package/dist/plugins/generic-oauth.js +5 -5
- package/dist/plugins/jwt.cjs +6 -6
- package/dist/plugins/jwt.d.cts +28 -6
- package/dist/plugins/jwt.d.ts +28 -6
- package/dist/plugins/jwt.js +5 -5
- package/dist/plugins/magic-link.cjs +6 -6
- package/dist/plugins/magic-link.d.cts +16 -4
- package/dist/plugins/magic-link.d.ts +16 -4
- package/dist/plugins/magic-link.js +5 -5
- package/dist/plugins/multi-session.cjs +6 -6
- package/dist/plugins/multi-session.d.cts +20 -8
- package/dist/plugins/multi-session.d.ts +20 -8
- package/dist/plugins/multi-session.js +5 -5
- package/dist/plugins/oidc-provider.cjs +6 -6
- package/dist/plugins/oidc-provider.d.cts +43 -15
- package/dist/plugins/oidc-provider.d.ts +43 -15
- package/dist/plugins/oidc-provider.js +5 -5
- package/dist/plugins/one-tap.cjs +6 -6
- package/dist/plugins/one-tap.d.cts +13 -2
- package/dist/plugins/one-tap.d.ts +13 -2
- package/dist/plugins/one-tap.js +5 -5
- package/dist/plugins/open-api.cjs +7 -7
- package/dist/plugins/open-api.d.cts +14 -6
- package/dist/plugins/open-api.d.ts +14 -6
- package/dist/plugins/open-api.js +6 -6
- package/dist/plugins/organization.cjs +6 -6
- package/dist/plugins/organization.d.cts +3 -3
- package/dist/plugins/organization.d.ts +3 -3
- package/dist/plugins/organization.js +5 -5
- package/dist/plugins/passkey.cjs +17 -17
- package/dist/plugins/passkey.d.cts +44 -16
- package/dist/plugins/passkey.d.ts +44 -16
- package/dist/plugins/passkey.js +4 -4
- package/dist/plugins/phone-number.cjs +6 -6
- package/dist/plugins/phone-number.d.cts +122 -9
- package/dist/plugins/phone-number.d.ts +122 -9
- package/dist/plugins/phone-number.js +5 -5
- package/dist/plugins/sso.cjs +26 -18
- package/dist/plugins/sso.d.cts +24 -8
- package/dist/plugins/sso.d.ts +24 -8
- package/dist/plugins/sso.js +13 -5
- package/dist/plugins/two-factor.cjs +6 -6
- package/dist/plugins/two-factor.d.cts +62 -22
- package/dist/plugins/two-factor.d.ts +62 -22
- package/dist/plugins/two-factor.js +5 -5
- package/dist/plugins/username.cjs +6 -6
- package/dist/plugins/username.d.cts +36 -4
- package/dist/plugins/username.d.ts +36 -4
- package/dist/plugins/username.js +5 -5
- package/dist/plugins.cjs +42 -42
- package/dist/plugins.d.cts +11 -7
- package/dist/plugins.d.ts +11 -7
- package/dist/plugins.js +22 -22
- package/dist/react.d.cts +7 -9
- package/dist/react.d.ts +7 -9
- package/dist/social.cjs +32 -20
- package/dist/social.d.cts +1 -1
- package/dist/social.d.ts +1 -1
- package/dist/social.js +3 -3
- package/dist/solid.d.cts +7 -7
- package/dist/solid.d.ts +7 -7
- package/dist/{state-Cm8el5M1.d.ts → state-BlQHfd32.d.ts} +1 -1
- package/dist/{state-DcraY2_H.d.cts → state-lA7cG1Em.d.cts} +1 -1
- package/dist/svelte-kit.d.cts +2 -2
- package/dist/svelte-kit.d.ts +2 -2
- package/dist/svelte.d.cts +7 -7
- package/dist/svelte.d.ts +7 -7
- package/dist/types.d.cts +4 -4
- package/dist/types.d.ts +4 -4
- package/dist/vue.d.cts +7 -7
- package/dist/vue.d.ts +7 -7
- package/package.json +4 -4
- package/dist/index-CvlKSqnF.d.cts +0 -4023
- package/dist/index-Ivs2EsUL.d.ts +0 -4023
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
var chunkZBKCS3KP_cjs = require('./chunk-ZBKCS3KP.cjs');
|
|
4
4
|
var chunkEHFDU6IF_cjs = require('./chunk-EHFDU6IF.cjs');
|
|
5
|
-
var
|
|
5
|
+
var chunkN7UWN6ND_cjs = require('./chunk-N7UWN6ND.cjs');
|
|
6
6
|
var chunkV6HE2MP7_cjs = require('./chunk-V6HE2MP7.cjs');
|
|
7
7
|
var chunkB5UCLTPZ_cjs = require('./chunk-B5UCLTPZ.cjs');
|
|
8
8
|
var chunkG2LZ73E2_cjs = require('./chunk-G2LZ73E2.cjs');
|
|
@@ -14,7 +14,7 @@ var otp = require('@better-auth/utils/otp');
|
|
|
14
14
|
// src/plugins/two-factor/constant.ts
|
|
15
15
|
var TWO_FACTOR_COOKIE_NAME = "two_factor";
|
|
16
16
|
var TRUST_DEVICE_COOKIE_NAME = "trust_device";
|
|
17
|
-
var verifyTwoFactorMiddleware =
|
|
17
|
+
var verifyTwoFactorMiddleware = chunkN7UWN6ND_cjs.createAuthMiddleware(
|
|
18
18
|
{
|
|
19
19
|
body: zod.z.object({
|
|
20
20
|
/**
|
|
@@ -26,7 +26,7 @@ var verifyTwoFactorMiddleware = chunkPIWBUHRB_cjs.createAuthMiddleware(
|
|
|
26
26
|
})
|
|
27
27
|
},
|
|
28
28
|
async (ctx) => {
|
|
29
|
-
const session = await
|
|
29
|
+
const session = await chunkN7UWN6ND_cjs.getSessionFromCtx(ctx);
|
|
30
30
|
if (!session) {
|
|
31
31
|
const cookieName = ctx.context.createAuthCookie(TWO_FACTOR_COOKIE_NAME);
|
|
32
32
|
const userId = await ctx.getSignedCookie(
|
|
@@ -172,7 +172,7 @@ var backupCode2fa = (options) => {
|
|
|
172
172
|
return {
|
|
173
173
|
id: "backup_code",
|
|
174
174
|
endpoints: {
|
|
175
|
-
verifyBackupCode:
|
|
175
|
+
verifyBackupCode: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
176
176
|
"/two-factor/verify-backup-code",
|
|
177
177
|
{
|
|
178
178
|
method: "POST",
|
|
@@ -241,14 +241,14 @@ var backupCode2fa = (options) => {
|
|
|
241
241
|
});
|
|
242
242
|
}
|
|
243
243
|
),
|
|
244
|
-
generateBackupCodes:
|
|
244
|
+
generateBackupCodes: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
245
245
|
"/two-factor/generate-backup-codes",
|
|
246
246
|
{
|
|
247
247
|
method: "POST",
|
|
248
248
|
body: zod.z.object({
|
|
249
249
|
password: zod.z.string()
|
|
250
250
|
}),
|
|
251
|
-
use: [
|
|
251
|
+
use: [chunkN7UWN6ND_cjs.sessionMiddleware]
|
|
252
252
|
},
|
|
253
253
|
async (ctx) => {
|
|
254
254
|
const user = ctx.context.session.user;
|
|
@@ -280,7 +280,7 @@ var backupCode2fa = (options) => {
|
|
|
280
280
|
});
|
|
281
281
|
}
|
|
282
282
|
),
|
|
283
|
-
viewBackupCodes:
|
|
283
|
+
viewBackupCodes: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
284
284
|
"/two-factor/view-backup-codes",
|
|
285
285
|
{
|
|
286
286
|
method: "GET",
|
|
@@ -331,7 +331,7 @@ var otp2fa = (options) => {
|
|
|
331
331
|
period: (options?.period || 3) * 60 * 1e3
|
|
332
332
|
};
|
|
333
333
|
const twoFactorTable = "twoFactor";
|
|
334
|
-
const send2FaOTP =
|
|
334
|
+
const send2FaOTP = chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
335
335
|
"/two-factor/send-otp",
|
|
336
336
|
{
|
|
337
337
|
method: "POST",
|
|
@@ -402,7 +402,7 @@ var otp2fa = (options) => {
|
|
|
402
402
|
return ctx.json({ status: true });
|
|
403
403
|
}
|
|
404
404
|
);
|
|
405
|
-
const verifyOTP =
|
|
405
|
+
const verifyOTP = chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
406
406
|
"/two-factor/verify-otp",
|
|
407
407
|
{
|
|
408
408
|
method: "POST",
|
|
@@ -493,11 +493,11 @@ var totp2fa = (options) => {
|
|
|
493
493
|
period: options?.period || 30
|
|
494
494
|
};
|
|
495
495
|
const twoFactorTable = "twoFactor";
|
|
496
|
-
const generateTOTP =
|
|
496
|
+
const generateTOTP = chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
497
497
|
"/totp/generate",
|
|
498
498
|
{
|
|
499
499
|
method: "POST",
|
|
500
|
-
use: [
|
|
500
|
+
use: [chunkN7UWN6ND_cjs.sessionMiddleware],
|
|
501
501
|
metadata: {
|
|
502
502
|
openapi: {
|
|
503
503
|
summary: "Generate TOTP code",
|
|
@@ -553,11 +553,11 @@ var totp2fa = (options) => {
|
|
|
553
553
|
return { code };
|
|
554
554
|
}
|
|
555
555
|
);
|
|
556
|
-
const getTOTPURI =
|
|
556
|
+
const getTOTPURI = chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
557
557
|
"/two-factor/get-totp-uri",
|
|
558
558
|
{
|
|
559
559
|
method: "POST",
|
|
560
|
-
use: [
|
|
560
|
+
use: [chunkN7UWN6ND_cjs.sessionMiddleware],
|
|
561
561
|
body: zod.z.object({
|
|
562
562
|
password: zod.z.string({
|
|
563
563
|
description: "User password"
|
|
@@ -625,7 +625,7 @@ var totp2fa = (options) => {
|
|
|
625
625
|
};
|
|
626
626
|
}
|
|
627
627
|
);
|
|
628
|
-
const verifyTOTP =
|
|
628
|
+
const verifyTOTP = chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
629
629
|
"/two-factor/verify-totp",
|
|
630
630
|
{
|
|
631
631
|
method: "POST",
|
|
@@ -779,7 +779,7 @@ var twoFactor = (options) => {
|
|
|
779
779
|
...totp.endpoints,
|
|
780
780
|
...otp$1.endpoints,
|
|
781
781
|
...backupCode.endpoints,
|
|
782
|
-
enableTwoFactor:
|
|
782
|
+
enableTwoFactor: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
783
783
|
"/two-factor/enable",
|
|
784
784
|
{
|
|
785
785
|
method: "POST",
|
|
@@ -788,7 +788,7 @@ var twoFactor = (options) => {
|
|
|
788
788
|
description: "User password"
|
|
789
789
|
}).min(8)
|
|
790
790
|
}),
|
|
791
|
-
use: [
|
|
791
|
+
use: [chunkN7UWN6ND_cjs.sessionMiddleware],
|
|
792
792
|
metadata: {
|
|
793
793
|
openapi: {
|
|
794
794
|
summary: "Enable two factor authentication",
|
|
@@ -830,7 +830,7 @@ var twoFactor = (options) => {
|
|
|
830
830
|
});
|
|
831
831
|
if (!isPasswordValid) {
|
|
832
832
|
throw new betterCall.APIError("BAD_REQUEST", {
|
|
833
|
-
message:
|
|
833
|
+
message: chunkN7UWN6ND_cjs.BASE_ERROR_CODES.INVALID_PASSWORD
|
|
834
834
|
});
|
|
835
835
|
}
|
|
836
836
|
const secret = chunkG2LZ73E2_cjs.generateRandomString(32);
|
|
@@ -887,7 +887,7 @@ var twoFactor = (options) => {
|
|
|
887
887
|
return ctx.json({ totpURI, backupCodes: backupCodes.backupCodes });
|
|
888
888
|
}
|
|
889
889
|
),
|
|
890
|
-
disableTwoFactor:
|
|
890
|
+
disableTwoFactor: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
891
891
|
"/two-factor/disable",
|
|
892
892
|
{
|
|
893
893
|
method: "POST",
|
|
@@ -896,7 +896,7 @@ var twoFactor = (options) => {
|
|
|
896
896
|
description: "User password"
|
|
897
897
|
}).min(8)
|
|
898
898
|
}),
|
|
899
|
-
use: [
|
|
899
|
+
use: [chunkN7UWN6ND_cjs.sessionMiddleware],
|
|
900
900
|
metadata: {
|
|
901
901
|
openapi: {
|
|
902
902
|
summary: "Disable two factor authentication",
|
|
@@ -972,7 +972,7 @@ var twoFactor = (options) => {
|
|
|
972
972
|
matcher(context) {
|
|
973
973
|
return context.path === "/sign-in/email" || context.path === "/sign-in/username" || context.path === "/sign-in/phone-number";
|
|
974
974
|
},
|
|
975
|
-
handler:
|
|
975
|
+
handler: chunkN7UWN6ND_cjs.createAuthMiddleware(async (ctx) => {
|
|
976
976
|
const data = ctx.context.newSession;
|
|
977
977
|
if (!data) {
|
|
978
978
|
return;
|
|
@@ -90,13 +90,16 @@ function getWithHooks(adapter, ctx) {
|
|
|
90
90
|
for (const hook of hooks || []) {
|
|
91
91
|
const toRun = hook[model]?.create?.before;
|
|
92
92
|
if (toRun) {
|
|
93
|
-
const result = await toRun(
|
|
93
|
+
const result = await toRun(actualData);
|
|
94
94
|
if (result === false) {
|
|
95
95
|
return null;
|
|
96
96
|
}
|
|
97
97
|
const isObject = typeof result === "object" && "data" in result;
|
|
98
98
|
if (isObject) {
|
|
99
|
-
actualData =
|
|
99
|
+
actualData = {
|
|
100
|
+
...actualData,
|
|
101
|
+
...result.data
|
|
102
|
+
};
|
|
100
103
|
}
|
|
101
104
|
}
|
|
102
105
|
}
|
|
@@ -272,6 +275,12 @@ var createInternalAdapter = (adapter, ctx) => {
|
|
|
272
275
|
});
|
|
273
276
|
return users;
|
|
274
277
|
},
|
|
278
|
+
countTotalUsers: async () => {
|
|
279
|
+
const total = await adapter.count({
|
|
280
|
+
model: "user"
|
|
281
|
+
});
|
|
282
|
+
return total;
|
|
283
|
+
},
|
|
275
284
|
deleteUser: async (userId) => {
|
|
276
285
|
if (secondaryStorage) {
|
|
277
286
|
await secondaryStorage.delete(`active-sessions-${userId}`);
|
|
@@ -795,6 +804,18 @@ var createInternalAdapter = (adapter, ctx) => {
|
|
|
795
804
|
},
|
|
796
805
|
limit: 1
|
|
797
806
|
});
|
|
807
|
+
if (!options.verification?.disableCleanup) {
|
|
808
|
+
await adapter.deleteMany({
|
|
809
|
+
model: "verification",
|
|
810
|
+
where: [
|
|
811
|
+
{
|
|
812
|
+
field: "expiresAt",
|
|
813
|
+
value: (/* @__PURE__ */ new Date()).toISOString(),
|
|
814
|
+
operator: "lt"
|
|
815
|
+
}
|
|
816
|
+
]
|
|
817
|
+
});
|
|
818
|
+
}
|
|
798
819
|
const lastVerification = verification[0];
|
|
799
820
|
return lastVerification;
|
|
800
821
|
},
|
|
@@ -1249,6 +1270,9 @@ var memoryAdapter = (db) => (options) => {
|
|
|
1249
1270
|
}
|
|
1250
1271
|
return table.map((record) => transformOutput(record, model));
|
|
1251
1272
|
},
|
|
1273
|
+
count: async ({ model }) => {
|
|
1274
|
+
return db[model].length;
|
|
1275
|
+
},
|
|
1252
1276
|
update: async ({ model, where, update }) => {
|
|
1253
1277
|
const table = db[model];
|
|
1254
1278
|
const res = convertWhereClause(where, table, model);
|
|
@@ -1858,6 +1882,19 @@ var kyselyAdapter = (db, config) => (opts) => {
|
|
|
1858
1882
|
const res = await query.execute();
|
|
1859
1883
|
return res.length;
|
|
1860
1884
|
},
|
|
1885
|
+
async count(data) {
|
|
1886
|
+
const { model, where } = data;
|
|
1887
|
+
const { and, or } = convertWhereClause(model, where);
|
|
1888
|
+
let query = db.selectFrom(getModelName(model)).select(db.fn.count("id").as("count"));
|
|
1889
|
+
if (and) {
|
|
1890
|
+
query = query.where((eb) => eb.and(and.map((expr) => expr(eb))));
|
|
1891
|
+
}
|
|
1892
|
+
if (or) {
|
|
1893
|
+
query = query.where((eb) => eb.or(or.map((expr) => expr(eb))));
|
|
1894
|
+
}
|
|
1895
|
+
const res = await query.execute();
|
|
1896
|
+
return res[0].count;
|
|
1897
|
+
},
|
|
1861
1898
|
async delete(data) {
|
|
1862
1899
|
const { model, where } = data;
|
|
1863
1900
|
const { and, or } = convertWhereClause(model, where);
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var chunkN7UWN6ND_cjs = require('./chunk-N7UWN6ND.cjs');
|
|
4
4
|
var chunkV6HE2MP7_cjs = require('./chunk-V6HE2MP7.cjs');
|
|
5
5
|
var chunkG2LZ73E2_cjs = require('./chunk-G2LZ73E2.cjs');
|
|
6
6
|
var jose = require('jose');
|
|
@@ -136,7 +136,7 @@ async function authorize(ctx, options) {
|
|
|
136
136
|
error: "invalid_request"
|
|
137
137
|
});
|
|
138
138
|
}
|
|
139
|
-
const session = await
|
|
139
|
+
const session = await chunkN7UWN6ND_cjs.getSessionFromCtx(ctx);
|
|
140
140
|
if (!session) {
|
|
141
141
|
await ctx.setSignedCookie(
|
|
142
142
|
"oidc_login_prompt",
|
|
@@ -332,7 +332,7 @@ var getMetadata = (ctx, options) => {
|
|
|
332
332
|
issuer,
|
|
333
333
|
authorization_endpoint: `${baseURL}/oauth2/authorize`,
|
|
334
334
|
token_endpoint: `${baseURL}/oauth2/token`,
|
|
335
|
-
|
|
335
|
+
userinfo_endpoint: `${baseURL}/oauth2/userinfo`,
|
|
336
336
|
jwks_uri: `${baseURL}/jwks`,
|
|
337
337
|
registration_endpoint: `${baseURL}/oauth2/register`,
|
|
338
338
|
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
@@ -392,7 +392,7 @@ var oidcProvider = (options) => {
|
|
|
392
392
|
matcher() {
|
|
393
393
|
return true;
|
|
394
394
|
},
|
|
395
|
-
handler:
|
|
395
|
+
handler: chunkN7UWN6ND_cjs.createAuthMiddleware(async (ctx) => {
|
|
396
396
|
const cookie = await ctx.getSignedCookie(
|
|
397
397
|
"oidc_login_prompt",
|
|
398
398
|
ctx.context.secret
|
|
@@ -427,7 +427,7 @@ var oidcProvider = (options) => {
|
|
|
427
427
|
]
|
|
428
428
|
},
|
|
429
429
|
endpoints: {
|
|
430
|
-
getOpenIdConfig:
|
|
430
|
+
getOpenIdConfig: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
431
431
|
"/.well-known/openid-configuration",
|
|
432
432
|
{
|
|
433
433
|
method: "GET"
|
|
@@ -437,7 +437,7 @@ var oidcProvider = (options) => {
|
|
|
437
437
|
return ctx.json(metadata);
|
|
438
438
|
}
|
|
439
439
|
),
|
|
440
|
-
oAuth2authorize:
|
|
440
|
+
oAuth2authorize: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
441
441
|
"/oauth2/authorize",
|
|
442
442
|
{
|
|
443
443
|
method: "GET",
|
|
@@ -447,14 +447,14 @@ var oidcProvider = (options) => {
|
|
|
447
447
|
return authorize(ctx, opts);
|
|
448
448
|
}
|
|
449
449
|
),
|
|
450
|
-
oAuthConsent:
|
|
450
|
+
oAuthConsent: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
451
451
|
"/oauth2/consent",
|
|
452
452
|
{
|
|
453
453
|
method: "POST",
|
|
454
454
|
body: zod.z.object({
|
|
455
455
|
accept: zod.z.boolean()
|
|
456
456
|
}),
|
|
457
|
-
use: [
|
|
457
|
+
use: [chunkN7UWN6ND_cjs.sessionMiddleware]
|
|
458
458
|
},
|
|
459
459
|
async (ctx) => {
|
|
460
460
|
const storedCode = await ctx.getSignedCookie(
|
|
@@ -462,30 +462,27 @@ var oidcProvider = (options) => {
|
|
|
462
462
|
ctx.context.secret
|
|
463
463
|
);
|
|
464
464
|
if (!storedCode) {
|
|
465
|
-
throw new
|
|
465
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
466
466
|
error_description: "No consent prompt found",
|
|
467
467
|
error: "invalid_grant"
|
|
468
468
|
});
|
|
469
469
|
}
|
|
470
470
|
const verification = await ctx.context.internalAdapter.findVerificationValue(storedCode);
|
|
471
471
|
if (!verification) {
|
|
472
|
-
throw new
|
|
472
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
473
473
|
error_description: "Invalid code",
|
|
474
474
|
error: "invalid_grant"
|
|
475
475
|
});
|
|
476
476
|
}
|
|
477
477
|
if (verification.expiresAt < /* @__PURE__ */ new Date()) {
|
|
478
|
-
|
|
479
|
-
verification.id
|
|
480
|
-
);
|
|
481
|
-
throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
|
|
478
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
482
479
|
error_description: "Code expired",
|
|
483
480
|
error: "invalid_grant"
|
|
484
481
|
});
|
|
485
482
|
}
|
|
486
483
|
const value = JSON.parse(verification.value);
|
|
487
484
|
if (!value.requireConsent || !value.state) {
|
|
488
|
-
throw new
|
|
485
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
489
486
|
error_description: "Consent not required",
|
|
490
487
|
error: "invalid_grant"
|
|
491
488
|
});
|
|
@@ -531,7 +528,7 @@ var oidcProvider = (options) => {
|
|
|
531
528
|
});
|
|
532
529
|
}
|
|
533
530
|
),
|
|
534
|
-
oAuth2token:
|
|
531
|
+
oAuth2token: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
535
532
|
"/oauth2/token",
|
|
536
533
|
{
|
|
537
534
|
method: "POST",
|
|
@@ -543,7 +540,7 @@ var oidcProvider = (options) => {
|
|
|
543
540
|
async (ctx) => {
|
|
544
541
|
let { body } = ctx;
|
|
545
542
|
if (!body) {
|
|
546
|
-
throw new
|
|
543
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
547
544
|
error_description: "request body not found",
|
|
548
545
|
error: "invalid_request"
|
|
549
546
|
});
|
|
@@ -552,7 +549,7 @@ var oidcProvider = (options) => {
|
|
|
552
549
|
body = Object.fromEntries(body.entries());
|
|
553
550
|
}
|
|
554
551
|
if (!(body instanceof Object)) {
|
|
555
|
-
throw new
|
|
552
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
556
553
|
error_description: "request body is not an object",
|
|
557
554
|
error: "invalid_request"
|
|
558
555
|
});
|
|
@@ -568,7 +565,7 @@ var oidcProvider = (options) => {
|
|
|
568
565
|
} = body;
|
|
569
566
|
if (grant_type === "refresh_token") {
|
|
570
567
|
if (!refresh_token) {
|
|
571
|
-
throw new
|
|
568
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
572
569
|
error_description: "refresh_token is required",
|
|
573
570
|
error: "invalid_request"
|
|
574
571
|
});
|
|
@@ -583,19 +580,19 @@ var oidcProvider = (options) => {
|
|
|
583
580
|
]
|
|
584
581
|
});
|
|
585
582
|
if (!token) {
|
|
586
|
-
throw new
|
|
583
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
587
584
|
error_description: "invalid refresh token",
|
|
588
585
|
error: "invalid_grant"
|
|
589
586
|
});
|
|
590
587
|
}
|
|
591
588
|
if (token.clientId !== client_id?.toString()) {
|
|
592
|
-
throw new
|
|
589
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
593
590
|
error_description: "invalid client_id",
|
|
594
591
|
error: "invalid_client"
|
|
595
592
|
});
|
|
596
593
|
}
|
|
597
594
|
if (token.refreshTokenExpiresAt < /* @__PURE__ */ new Date()) {
|
|
598
|
-
throw new
|
|
595
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
599
596
|
error_description: "refresh token expired",
|
|
600
597
|
error: "invalid_grant"
|
|
601
598
|
});
|
|
@@ -631,13 +628,13 @@ var oidcProvider = (options) => {
|
|
|
631
628
|
});
|
|
632
629
|
}
|
|
633
630
|
if (!code) {
|
|
634
|
-
throw new
|
|
631
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
635
632
|
error_description: "code is required",
|
|
636
633
|
error: "invalid_request"
|
|
637
634
|
});
|
|
638
635
|
}
|
|
639
636
|
if (options.requirePKCE && !code_verifier) {
|
|
640
|
-
throw new
|
|
637
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
641
638
|
error_description: "code verifier is missing",
|
|
642
639
|
error: "invalid_request"
|
|
643
640
|
});
|
|
@@ -646,16 +643,13 @@ var oidcProvider = (options) => {
|
|
|
646
643
|
code.toString()
|
|
647
644
|
);
|
|
648
645
|
if (!verificationValue) {
|
|
649
|
-
throw new
|
|
646
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
650
647
|
error_description: "invalid code",
|
|
651
648
|
error: "invalid_grant"
|
|
652
649
|
});
|
|
653
650
|
}
|
|
654
651
|
if (verificationValue.expiresAt < /* @__PURE__ */ new Date()) {
|
|
655
|
-
|
|
656
|
-
verificationValue.id
|
|
657
|
-
);
|
|
658
|
-
throw new chunkPIWBUHRB_cjs.APIError("UNAUTHORIZED", {
|
|
652
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
659
653
|
error_description: "code expired",
|
|
660
654
|
error: "invalid_grant"
|
|
661
655
|
});
|
|
@@ -664,25 +658,25 @@ var oidcProvider = (options) => {
|
|
|
664
658
|
verificationValue.id
|
|
665
659
|
);
|
|
666
660
|
if (!client_id || !client_secret) {
|
|
667
|
-
throw new
|
|
661
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
668
662
|
error_description: "client_id and client_secret are required",
|
|
669
663
|
error: "invalid_client"
|
|
670
664
|
});
|
|
671
665
|
}
|
|
672
666
|
if (!grant_type) {
|
|
673
|
-
throw new
|
|
667
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
674
668
|
error_description: "grant_type is required",
|
|
675
669
|
error: "invalid_request"
|
|
676
670
|
});
|
|
677
671
|
}
|
|
678
672
|
if (grant_type !== "authorization_code") {
|
|
679
|
-
throw new
|
|
673
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
680
674
|
error_description: "grant_type must be 'authorization_code'",
|
|
681
675
|
error: "unsupported_grant_type"
|
|
682
676
|
});
|
|
683
677
|
}
|
|
684
678
|
if (!redirect_uri) {
|
|
685
|
-
throw new
|
|
679
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
686
680
|
error_description: "redirect_uri is required",
|
|
687
681
|
error: "invalid_request"
|
|
688
682
|
});
|
|
@@ -701,20 +695,20 @@ var oidcProvider = (options) => {
|
|
|
701
695
|
};
|
|
702
696
|
});
|
|
703
697
|
if (!client) {
|
|
704
|
-
throw new
|
|
698
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
705
699
|
error_description: "invalid client_id",
|
|
706
700
|
error: "invalid_client"
|
|
707
701
|
});
|
|
708
702
|
}
|
|
709
703
|
if (client.disabled) {
|
|
710
|
-
throw new
|
|
704
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
711
705
|
error_description: "client is disabled",
|
|
712
706
|
error: "invalid_client"
|
|
713
707
|
});
|
|
714
708
|
}
|
|
715
709
|
const isValidSecret = client.clientSecret === client_secret.toString();
|
|
716
710
|
if (!isValidSecret) {
|
|
717
|
-
throw new
|
|
711
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
718
712
|
error_description: "invalid client_secret",
|
|
719
713
|
error: "invalid_client"
|
|
720
714
|
});
|
|
@@ -723,19 +717,19 @@ var oidcProvider = (options) => {
|
|
|
723
717
|
verificationValue.value
|
|
724
718
|
);
|
|
725
719
|
if (value.clientId !== client_id.toString()) {
|
|
726
|
-
throw new
|
|
720
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
727
721
|
error_description: "invalid client_id",
|
|
728
722
|
error: "invalid_client"
|
|
729
723
|
});
|
|
730
724
|
}
|
|
731
725
|
if (value.redirectURI !== redirect_uri.toString()) {
|
|
732
|
-
throw new
|
|
726
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
733
727
|
error_description: "invalid redirect_uri",
|
|
734
728
|
error: "invalid_client"
|
|
735
729
|
});
|
|
736
730
|
}
|
|
737
731
|
if (value.codeChallenge && !code_verifier) {
|
|
738
|
-
throw new
|
|
732
|
+
throw new chunkN7UWN6ND_cjs.APIError("BAD_REQUEST", {
|
|
739
733
|
error_description: "code verifier is missing",
|
|
740
734
|
error: "invalid_request"
|
|
741
735
|
});
|
|
@@ -744,7 +738,7 @@ var oidcProvider = (options) => {
|
|
|
744
738
|
code_verifier
|
|
745
739
|
);
|
|
746
740
|
if (challenge !== value.codeChallenge) {
|
|
747
|
-
throw new
|
|
741
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
748
742
|
error_description: "code verification failed",
|
|
749
743
|
error: "invalid_request"
|
|
750
744
|
});
|
|
@@ -779,7 +773,7 @@ var oidcProvider = (options) => {
|
|
|
779
773
|
value.userId
|
|
780
774
|
);
|
|
781
775
|
if (!user) {
|
|
782
|
-
throw new
|
|
776
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
783
777
|
error_description: "user not found",
|
|
784
778
|
error: "invalid_grant"
|
|
785
779
|
});
|
|
@@ -840,7 +834,7 @@ var oidcProvider = (options) => {
|
|
|
840
834
|
);
|
|
841
835
|
}
|
|
842
836
|
),
|
|
843
|
-
oAuth2userInfo:
|
|
837
|
+
oAuth2userInfo: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
844
838
|
"/oauth2/userinfo",
|
|
845
839
|
{
|
|
846
840
|
method: "GET",
|
|
@@ -850,14 +844,14 @@ var oidcProvider = (options) => {
|
|
|
850
844
|
},
|
|
851
845
|
async (ctx) => {
|
|
852
846
|
if (!ctx.request) {
|
|
853
|
-
throw new
|
|
847
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
854
848
|
error_description: "request not found",
|
|
855
849
|
error: "invalid_request"
|
|
856
850
|
});
|
|
857
851
|
}
|
|
858
852
|
const authorization = ctx.request.headers.get("authorization");
|
|
859
853
|
if (!authorization) {
|
|
860
|
-
throw new
|
|
854
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
861
855
|
error_description: "authorization header not found",
|
|
862
856
|
error: "invalid_request"
|
|
863
857
|
});
|
|
@@ -873,13 +867,13 @@ var oidcProvider = (options) => {
|
|
|
873
867
|
]
|
|
874
868
|
});
|
|
875
869
|
if (!accessToken) {
|
|
876
|
-
throw new
|
|
870
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
877
871
|
error_description: "invalid access token",
|
|
878
872
|
error: "invalid_token"
|
|
879
873
|
});
|
|
880
874
|
}
|
|
881
875
|
if (accessToken.accessTokenExpiresAt < /* @__PURE__ */ new Date()) {
|
|
882
|
-
throw new
|
|
876
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
883
877
|
error_description: "The Access Token expired",
|
|
884
878
|
error: "invalid_token"
|
|
885
879
|
});
|
|
@@ -888,7 +882,7 @@ var oidcProvider = (options) => {
|
|
|
888
882
|
accessToken.userId
|
|
889
883
|
);
|
|
890
884
|
if (!user) {
|
|
891
|
-
throw new
|
|
885
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
892
886
|
error_description: "user not found",
|
|
893
887
|
error: "invalid_token"
|
|
894
888
|
});
|
|
@@ -905,7 +899,7 @@ var oidcProvider = (options) => {
|
|
|
905
899
|
return ctx.json(userClaims);
|
|
906
900
|
}
|
|
907
901
|
),
|
|
908
|
-
registerOAuthApplication:
|
|
902
|
+
registerOAuthApplication: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
909
903
|
"/oauth2/register",
|
|
910
904
|
{
|
|
911
905
|
method: "POST",
|
|
@@ -918,9 +912,9 @@ var oidcProvider = (options) => {
|
|
|
918
912
|
},
|
|
919
913
|
async (ctx) => {
|
|
920
914
|
const body = ctx.body;
|
|
921
|
-
const session = await
|
|
915
|
+
const session = await chunkN7UWN6ND_cjs.getSessionFromCtx(ctx);
|
|
922
916
|
if (!session && !options.allowDynamicClientRegistration) {
|
|
923
|
-
throw new
|
|
917
|
+
throw new chunkN7UWN6ND_cjs.APIError("UNAUTHORIZED", {
|
|
924
918
|
message: "Unauthorized"
|
|
925
919
|
});
|
|
926
920
|
}
|
|
@@ -950,11 +944,11 @@ var oidcProvider = (options) => {
|
|
|
950
944
|
});
|
|
951
945
|
}
|
|
952
946
|
),
|
|
953
|
-
getOAuthClient:
|
|
947
|
+
getOAuthClient: chunkN7UWN6ND_cjs.createAuthEndpoint(
|
|
954
948
|
"/oauth2/client/:id",
|
|
955
949
|
{
|
|
956
950
|
method: "GET",
|
|
957
|
-
use: [
|
|
951
|
+
use: [chunkN7UWN6ND_cjs.sessionMiddleware]
|
|
958
952
|
},
|
|
959
953
|
async (ctx) => {
|
|
960
954
|
const client = await ctx.context.adapter.findOne(
|
|
@@ -964,7 +958,7 @@ var oidcProvider = (options) => {
|
|
|
964
958
|
}
|
|
965
959
|
);
|
|
966
960
|
if (!client) {
|
|
967
|
-
throw new
|
|
961
|
+
throw new chunkN7UWN6ND_cjs.APIError("NOT_FOUND", {
|
|
968
962
|
error_description: "client not found",
|
|
969
963
|
error: "not_found"
|
|
970
964
|
});
|