better-auth 1.2.6-beta.7 → 1.2.7-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/drizzle-adapter/index.cjs +186 -249
- package/dist/adapters/drizzle-adapter/index.d.cts +11 -49
- package/dist/adapters/drizzle-adapter/index.d.mts +11 -49
- package/dist/adapters/drizzle-adapter/index.d.ts +11 -49
- package/dist/adapters/drizzle-adapter/index.mjs +186 -249
- package/dist/adapters/index.cjs +26 -0
- package/dist/adapters/index.d.cts +17 -0
- package/dist/adapters/index.d.mts +17 -0
- package/dist/adapters/index.d.ts +17 -0
- package/dist/adapters/index.mjs +20 -0
- package/dist/adapters/kysely-adapter/index.cjs +7 -7
- package/dist/adapters/kysely-adapter/index.d.cts +17 -49
- package/dist/adapters/kysely-adapter/index.d.mts +17 -49
- package/dist/adapters/kysely-adapter/index.d.ts +17 -49
- package/dist/adapters/kysely-adapter/index.mjs +8 -8
- package/dist/adapters/memory-adapter/index.cjs +7 -8
- package/dist/adapters/memory-adapter/index.d.cts +9 -49
- package/dist/adapters/memory-adapter/index.d.mts +9 -49
- package/dist/adapters/memory-adapter/index.d.ts +9 -49
- package/dist/adapters/memory-adapter/index.mjs +8 -9
- package/dist/adapters/mongodb-adapter/index.cjs +2 -2
- package/dist/adapters/mongodb-adapter/index.d.cts +4 -4
- package/dist/adapters/mongodb-adapter/index.d.mts +4 -4
- package/dist/adapters/mongodb-adapter/index.d.ts +4 -4
- package/dist/adapters/mongodb-adapter/index.mjs +3 -3
- package/dist/adapters/prisma-adapter/index.cjs +130 -203
- package/dist/adapters/prisma-adapter/index.d.cts +17 -49
- package/dist/adapters/prisma-adapter/index.d.mts +17 -49
- package/dist/adapters/prisma-adapter/index.d.ts +17 -49
- package/dist/adapters/prisma-adapter/index.mjs +131 -204
- package/dist/adapters/test.cjs +710 -377
- package/dist/adapters/test.d.cts +64 -5
- package/dist/adapters/test.d.mts +64 -5
- package/dist/adapters/test.d.ts +64 -5
- package/dist/adapters/test.mjs +712 -380
- package/dist/api/index.cjs +61 -25
- package/dist/api/index.d.cts +3 -3
- package/dist/api/index.d.mts +3 -3
- package/dist/api/index.d.ts +3 -3
- package/dist/api/index.mjs +63 -27
- package/dist/client/index.d.cts +3 -3
- package/dist/client/index.d.mts +3 -3
- package/dist/client/index.d.ts +3 -3
- package/dist/client/plugins/index.cjs +13 -15
- package/dist/client/plugins/index.d.cts +80 -19
- package/dist/client/plugins/index.d.mts +80 -19
- package/dist/client/plugins/index.d.ts +80 -19
- package/dist/client/plugins/index.mjs +13 -16
- package/dist/client/react/index.cjs +4 -4
- package/dist/client/react/index.d.cts +3 -3
- package/dist/client/react/index.d.mts +3 -3
- package/dist/client/react/index.d.ts +3 -3
- package/dist/client/solid/index.d.cts +3 -3
- package/dist/client/solid/index.d.mts +3 -3
- package/dist/client/solid/index.d.ts +3 -3
- package/dist/client/svelte/index.d.cts +3 -3
- package/dist/client/svelte/index.d.mts +3 -3
- package/dist/client/svelte/index.d.ts +3 -3
- package/dist/client/vue/index.d.cts +3 -3
- package/dist/client/vue/index.d.mts +3 -3
- package/dist/client/vue/index.d.ts +3 -3
- package/dist/cookies/index.cjs +13 -2
- package/dist/cookies/index.d.cts +3 -3
- package/dist/cookies/index.d.mts +3 -3
- package/dist/cookies/index.d.ts +3 -3
- package/dist/cookies/index.mjs +13 -2
- package/dist/db/index.cjs +6 -5
- package/dist/db/index.d.cts +4 -4
- package/dist/db/index.d.mts +4 -4
- package/dist/db/index.d.ts +4 -4
- package/dist/db/index.mjs +7 -6
- package/dist/index.cjs +11 -7
- package/dist/index.d.cts +4 -4
- package/dist/index.d.mts +4 -4
- package/dist/index.d.ts +4 -4
- package/dist/index.mjs +14 -10
- package/dist/integrations/next-js.cjs +4 -5
- package/dist/integrations/next-js.d.cts +3 -3
- package/dist/integrations/next-js.d.mts +3 -3
- package/dist/integrations/next-js.d.ts +3 -3
- package/dist/integrations/next-js.mjs +5 -6
- package/dist/integrations/node.d.cts +3 -3
- package/dist/integrations/node.d.mts +3 -3
- package/dist/integrations/node.d.ts +3 -3
- package/dist/integrations/react-start.cjs +5 -6
- package/dist/integrations/react-start.d.cts +3 -3
- package/dist/integrations/react-start.d.mts +3 -3
- package/dist/integrations/react-start.d.ts +3 -3
- package/dist/integrations/react-start.mjs +6 -7
- package/dist/integrations/svelte-kit.d.cts +3 -3
- package/dist/integrations/svelte-kit.d.mts +3 -3
- package/dist/integrations/svelte-kit.d.ts +3 -3
- package/dist/oauth2/index.d.cts +5 -5
- package/dist/oauth2/index.d.mts +5 -5
- package/dist/oauth2/index.d.ts +5 -5
- package/dist/plugins/access/index.d.cts +1 -1
- package/dist/plugins/access/index.d.mts +1 -1
- package/dist/plugins/access/index.d.ts +1 -1
- package/dist/plugins/admin/access/index.d.cts +1 -1
- package/dist/plugins/admin/access/index.d.mts +1 -1
- package/dist/plugins/admin/access/index.d.ts +1 -1
- package/dist/plugins/admin/index.cjs +4 -4
- package/dist/plugins/admin/index.d.cts +74 -14
- package/dist/plugins/admin/index.d.mts +74 -14
- package/dist/plugins/admin/index.d.ts +74 -14
- package/dist/plugins/admin/index.mjs +5 -5
- package/dist/plugins/anonymous/index.cjs +4 -5
- package/dist/plugins/anonymous/index.d.cts +3 -3
- package/dist/plugins/anonymous/index.d.mts +3 -3
- package/dist/plugins/anonymous/index.d.ts +3 -3
- package/dist/plugins/anonymous/index.mjs +5 -6
- package/dist/plugins/bearer/index.cjs +2 -2
- package/dist/plugins/bearer/index.d.cts +3 -3
- package/dist/plugins/bearer/index.d.mts +3 -3
- package/dist/plugins/bearer/index.d.ts +3 -3
- package/dist/plugins/bearer/index.mjs +3 -3
- package/dist/plugins/captcha/index.cjs +110 -45
- package/dist/plugins/captcha/index.d.cts +26 -6
- package/dist/plugins/captcha/index.d.mts +26 -6
- package/dist/plugins/captcha/index.d.ts +26 -6
- package/dist/plugins/captcha/index.mjs +110 -45
- package/dist/plugins/custom-session/index.cjs +24 -5
- package/dist/plugins/custom-session/index.d.cts +25 -6
- package/dist/plugins/custom-session/index.d.mts +25 -6
- package/dist/plugins/custom-session/index.d.ts +25 -6
- package/dist/plugins/custom-session/index.mjs +25 -6
- package/dist/plugins/email-otp/index.cjs +96 -30
- package/dist/plugins/email-otp/index.d.cts +33 -10
- package/dist/plugins/email-otp/index.d.mts +33 -10
- package/dist/plugins/email-otp/index.d.ts +33 -10
- package/dist/plugins/email-otp/index.mjs +97 -31
- package/dist/plugins/generic-oauth/index.cjs +81 -20
- package/dist/plugins/generic-oauth/index.d.cts +46 -3
- package/dist/plugins/generic-oauth/index.d.mts +46 -3
- package/dist/plugins/generic-oauth/index.d.ts +46 -3
- package/dist/plugins/generic-oauth/index.mjs +82 -21
- package/dist/plugins/haveibeenpwned/index.cjs +98 -0
- package/dist/plugins/haveibeenpwned/index.d.cts +36 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +36 -0
- package/dist/plugins/haveibeenpwned/index.d.ts +36 -0
- package/dist/plugins/haveibeenpwned/index.mjs +96 -0
- package/dist/plugins/index.cjs +583 -19
- package/dist/plugins/index.d.cts +7 -5
- package/dist/plugins/index.d.mts +7 -5
- package/dist/plugins/index.d.ts +7 -5
- package/dist/plugins/index.mjs +583 -21
- package/dist/plugins/jwt/index.cjs +45 -21
- package/dist/plugins/jwt/index.d.cts +52 -6
- package/dist/plugins/jwt/index.d.mts +52 -6
- package/dist/plugins/jwt/index.d.ts +52 -6
- package/dist/plugins/jwt/index.mjs +46 -22
- package/dist/plugins/magic-link/index.cjs +3 -3
- package/dist/plugins/magic-link/index.mjs +4 -4
- package/dist/plugins/multi-session/index.cjs +3 -3
- package/dist/plugins/multi-session/index.d.cts +3 -3
- package/dist/plugins/multi-session/index.d.mts +3 -3
- package/dist/plugins/multi-session/index.d.ts +3 -3
- package/dist/plugins/multi-session/index.mjs +4 -4
- package/dist/plugins/oauth-proxy/index.cjs +4 -4
- package/dist/plugins/oauth-proxy/index.d.cts +3 -3
- package/dist/plugins/oauth-proxy/index.d.mts +3 -3
- package/dist/plugins/oauth-proxy/index.d.ts +3 -3
- package/dist/plugins/oauth-proxy/index.mjs +5 -5
- package/dist/plugins/oidc-provider/index.cjs +227 -8
- package/dist/plugins/oidc-provider/index.d.cts +215 -3
- package/dist/plugins/oidc-provider/index.d.mts +215 -3
- package/dist/plugins/oidc-provider/index.d.ts +215 -3
- package/dist/plugins/oidc-provider/index.mjs +228 -9
- package/dist/plugins/one-tap/index.cjs +5 -5
- package/dist/plugins/one-tap/index.mjs +6 -6
- package/dist/plugins/one-time-token/index.cjs +119 -0
- package/dist/plugins/one-time-token/index.d.cts +134 -0
- package/dist/plugins/one-time-token/index.d.mts +134 -0
- package/dist/plugins/one-time-token/index.d.ts +134 -0
- package/dist/plugins/one-time-token/index.mjs +117 -0
- package/dist/plugins/open-api/index.cjs +3 -3
- package/dist/plugins/open-api/index.d.cts +3 -3
- package/dist/plugins/open-api/index.d.mts +3 -3
- package/dist/plugins/open-api/index.d.ts +3 -3
- package/dist/plugins/open-api/index.mjs +4 -4
- package/dist/plugins/organization/access/index.d.cts +1 -1
- package/dist/plugins/organization/access/index.d.mts +1 -1
- package/dist/plugins/organization/access/index.d.ts +1 -1
- package/dist/plugins/organization/index.cjs +4 -4
- package/dist/plugins/organization/index.d.cts +708 -55
- package/dist/plugins/organization/index.d.mts +708 -55
- package/dist/plugins/organization/index.d.ts +708 -55
- package/dist/plugins/organization/index.mjs +5 -5
- package/dist/plugins/passkey/index.cjs +82 -8
- package/dist/plugins/passkey/index.d.cts +72 -3
- package/dist/plugins/passkey/index.d.mts +72 -3
- package/dist/plugins/passkey/index.d.ts +72 -3
- package/dist/plugins/passkey/index.mjs +83 -9
- package/dist/plugins/phone-number/index.cjs +194 -26
- package/dist/plugins/phone-number/index.d.cts +132 -8
- package/dist/plugins/phone-number/index.d.mts +132 -8
- package/dist/plugins/phone-number/index.d.ts +132 -8
- package/dist/plugins/phone-number/index.mjs +195 -27
- package/dist/plugins/sso/index.cjs +190 -7
- package/dist/plugins/sso/index.d.cts +181 -15
- package/dist/plugins/sso/index.d.mts +181 -15
- package/dist/plugins/sso/index.d.ts +181 -15
- package/dist/plugins/sso/index.mjs +191 -8
- package/dist/plugins/two-factor/index.cjs +443 -92
- package/dist/plugins/two-factor/index.d.cts +230 -396
- package/dist/plugins/two-factor/index.d.mts +230 -396
- package/dist/plugins/two-factor/index.d.ts +230 -396
- package/dist/plugins/two-factor/index.mjs +431 -80
- package/dist/plugins/username/index.cjs +34 -31
- package/dist/plugins/username/index.d.cts +15 -12
- package/dist/plugins/username/index.d.mts +15 -12
- package/dist/plugins/username/index.d.ts +15 -12
- package/dist/plugins/username/index.mjs +35 -32
- package/dist/shared/better-auth.1DR6suCQ.mjs +307 -0
- package/dist/shared/{better-auth.BSsp73pg.cjs → better-auth.B7cZ2juS.cjs} +15 -14
- package/dist/shared/{better-auth.bKwabe3I.d.mts → better-auth.B88xucNq.d.mts} +529 -39
- package/dist/shared/{better-auth.CApEjVDP.cjs → better-auth.BW8BpneG.cjs} +4 -1
- package/dist/shared/{better-auth.BiQsvaIP.d.cts → better-auth.BcU1Kjyq.d.cts} +2051 -518
- package/dist/shared/better-auth.BfG24BjZ.cjs +118 -0
- package/dist/shared/{better-auth.A3TjrU8G.mjs → better-auth.Bk5IMdhM.mjs} +32 -12
- package/dist/shared/{better-auth.D9VnBkRI.mjs → better-auth.Bm9HxIzE.mjs} +47 -24
- package/dist/shared/{better-auth.BRf6Iynu.d.ts → better-auth.Bwc-6kOr.d.ts} +1 -1
- package/dist/shared/{better-auth.D-oLmHIj.d.mts → better-auth.CA2hFK4N.d.ts} +2051 -518
- package/dist/shared/{better-auth.Dmhe30iW.d.mts → better-auth.CGukGrxT.d.cts} +1 -1
- package/dist/shared/{better-auth.CsSpq0zL.cjs → better-auth.CHUzBidy.cjs} +46 -23
- package/dist/shared/{better-auth.DWRligF8.d.cts → better-auth.CT9J6rD-.d.cts} +539 -7
- package/dist/shared/better-auth.CVCo5Z2T.cjs +310 -0
- package/dist/shared/{better-auth.D4jH-sJA.mjs → better-auth.CWwVo_61.mjs} +458 -118
- package/dist/shared/{better-auth.Bi8FQwDD.d.cts → better-auth.CYegVoq1.d.cts} +1 -1
- package/dist/shared/{better-auth.Bi8FQwDD.d.mts → better-auth.CYegVoq1.d.mts} +1 -1
- package/dist/shared/{better-auth.Bi8FQwDD.d.ts → better-auth.CYegVoq1.d.ts} +1 -1
- package/dist/shared/{better-auth.CepcSj5H.mjs → better-auth.Cc72UxUH.mjs} +1 -2
- package/dist/shared/{better-auth.BWp5dztg.d.ts → better-auth.CmN4mlPh.d.ts} +539 -7
- package/dist/shared/{better-auth.DH3YjMQH.mjs → better-auth.Cqykj82J.mjs} +1 -1
- package/dist/shared/{better-auth.wcdMj2cT.d.mts → better-auth.DIt2e3lu.d.mts} +539 -7
- package/dist/shared/{better-auth.BANAxdkL.d.ts → better-auth.DNTAFSt1.d.ts} +529 -39
- package/dist/shared/{better-auth.DU2QNVc_.d.ts → better-auth.DQ7OSJbI.d.mts} +2051 -518
- package/dist/shared/{better-auth.DLTzKoOS.cjs → better-auth.DSVbLSt7.cjs} +4 -1
- package/dist/shared/{better-auth.B2Fw1vhH.d.cts → better-auth.DTiSPWEk.d.cts} +529 -39
- package/dist/shared/better-auth.DURsStt9.mjs +116 -0
- package/dist/shared/{better-auth.BIjcZ_vt.cjs → better-auth.DYoLD99C.cjs} +31 -11
- package/dist/shared/{better-auth.CV1L7TPV.cjs → better-auth.D_ZIX1O8.cjs} +317 -47
- package/dist/shared/{better-auth.C5H9XEzZ.cjs → better-auth.DcWKCjjf.cjs} +1 -2
- package/dist/shared/{better-auth.BDYXUcLv.cjs → better-auth.Dg0siV5C.cjs} +457 -117
- package/dist/shared/better-auth.DjryM8pE.cjs +760 -0
- package/dist/shared/{better-auth.DPBQN9Fs.mjs → better-auth.Dn_Ms1Uf.mjs} +318 -48
- package/dist/shared/{better-auth.DiG4KL2x.mjs → better-auth.OuYYTHC7.mjs} +4 -1
- package/dist/shared/{better-auth.DtC8i3pf.d.cts → better-auth.S1jimRbX.d.mts} +1 -1
- package/dist/shared/better-auth.SPmq4a4z.d.mts +344 -0
- package/dist/shared/{better-auth.cOCrlspr.mjs → better-auth.bkwPl2G4.mjs} +4 -1
- package/dist/shared/better-auth.cp2rC2iM.d.ts +344 -0
- package/dist/shared/better-auth.eVy4DZvP.d.cts +344 -0
- package/dist/shared/{better-auth.BrOpzmqo.mjs → better-auth.iKoUsdFE.mjs} +15 -14
- package/dist/shared/better-auth.rSYJCd3o.mjs +758 -0
- package/dist/social-providers/index.cjs +75 -3
- package/dist/social-providers/index.d.cts +2 -2
- package/dist/social-providers/index.d.mts +2 -2
- package/dist/social-providers/index.d.ts +2 -2
- package/dist/social-providers/index.mjs +77 -6
- package/dist/types/index.d.cts +4 -4
- package/dist/types/index.d.mts +4 -4
- package/dist/types/index.d.ts +4 -4
- package/package.json +42 -5
- package/dist/chunks/server.cjs +0 -905
- package/dist/chunks/server.mjs +0 -895
- package/dist/shared/better-auth.BcoSd9tC.mjs +0 -10
- package/dist/shared/better-auth.BnRFp-t0.mjs +0 -405
- package/dist/shared/better-auth.C1-vpKly.cjs +0 -12
- package/dist/shared/better-auth.ClTSOgiD.mjs +0 -140
- package/dist/shared/better-auth.DC8JQbiE.mjs +0 -173
- package/dist/shared/better-auth.DWHWPllD.cjs +0 -175
- package/dist/shared/better-auth.DqLjzBlO.cjs +0 -408
- package/dist/shared/better-auth.m575EIBC.cjs +0 -144
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
|
-
import { a as createAuthEndpoint, g as getSessionFromCtx, B as BASE_ERROR_CODES } from '../../shared/better-auth.
|
|
2
|
+
import { a as createAuthEndpoint, g as getSessionFromCtx, B as BASE_ERROR_CODES } from '../../shared/better-auth.CWwVo_61.mjs';
|
|
3
3
|
import { APIError } from 'better-call';
|
|
4
|
-
import { m as mergeSchema } from '../../shared/better-auth.
|
|
4
|
+
import { m as mergeSchema } from '../../shared/better-auth.Cc72UxUH.mjs';
|
|
5
5
|
import { g as generateRandomString } from '../../shared/better-auth.B4Qoxdgc.mjs';
|
|
6
6
|
import { setSessionCookie } from '../../cookies/index.mjs';
|
|
7
7
|
import '../../shared/better-auth.8zoxzg-F.mjs';
|
|
8
|
-
import '../../shared/better-auth.
|
|
8
|
+
import '../../shared/better-auth.Cqykj82J.mjs';
|
|
9
9
|
import 'defu';
|
|
10
10
|
import { g as getDate } from '../../shared/better-auth.CW6D9eSx.mjs';
|
|
11
11
|
import '../../social-providers/index.mjs';
|
|
@@ -24,14 +24,25 @@ import '@noble/hashes/utils';
|
|
|
24
24
|
import '../../shared/better-auth.DdzSJf-n.mjs';
|
|
25
25
|
import '@better-auth/utils/random';
|
|
26
26
|
import '../../shared/better-auth.BdyOG_p4.mjs';
|
|
27
|
+
import '../../shared/better-auth.tB5eU6EY.mjs';
|
|
27
28
|
import '../../shared/better-auth.BUPPRXfK.mjs';
|
|
28
29
|
import '@better-auth/utils/hmac';
|
|
29
30
|
import '../../shared/better-auth.DDEbWX-S.mjs';
|
|
30
31
|
import '../../shared/better-auth.VTXNLFMT.mjs';
|
|
31
32
|
import 'jose/errors';
|
|
32
|
-
import '../../shared/better-auth.tB5eU6EY.mjs';
|
|
33
33
|
import '@better-auth/utils/binary';
|
|
34
34
|
|
|
35
|
+
const ERROR_CODES = {
|
|
36
|
+
INVALID_PHONE_NUMBER: "Invalid phone number",
|
|
37
|
+
PHONE_NUMBER_EXIST: "Phone number already exist",
|
|
38
|
+
INVALID_PHONE_NUMBER_OR_PASSWORD: "Invalid phone number or password",
|
|
39
|
+
UNEXPECTED_ERROR: "Unexpected error",
|
|
40
|
+
OTP_NOT_FOUND: "OTP not found",
|
|
41
|
+
OTP_EXPIRED: "OTP expired",
|
|
42
|
+
INVALID_OTP: "Invalid OTP",
|
|
43
|
+
PHONE_NUMBER_NOT_VERIFIED: "Phone number not verified"
|
|
44
|
+
};
|
|
45
|
+
|
|
35
46
|
function generateOTP(size) {
|
|
36
47
|
return generateRandomString(size, "0-9");
|
|
37
48
|
}
|
|
@@ -45,15 +56,6 @@ const phoneNumber = (options) => {
|
|
|
45
56
|
code: "code",
|
|
46
57
|
createdAt: "createdAt"
|
|
47
58
|
};
|
|
48
|
-
const ERROR_CODES = {
|
|
49
|
-
INVALID_PHONE_NUMBER: "Invalid phone number",
|
|
50
|
-
PHONE_NUMBER_EXIST: "Phone number already exist",
|
|
51
|
-
INVALID_PHONE_NUMBER_OR_PASSWORD: "Invalid phone number or password",
|
|
52
|
-
UNEXPECTED_ERROR: "Unexpected error",
|
|
53
|
-
OTP_NOT_FOUND: "OTP not found",
|
|
54
|
-
OTP_EXPIRED: "OTP expired",
|
|
55
|
-
INVALID_OTP: "Invalid OTP"
|
|
56
|
-
};
|
|
57
59
|
return {
|
|
58
60
|
id: "phone-number",
|
|
59
61
|
endpoints: {
|
|
@@ -128,6 +130,23 @@ const phoneNumber = (options) => {
|
|
|
128
130
|
message: ERROR_CODES.INVALID_PHONE_NUMBER_OR_PASSWORD
|
|
129
131
|
});
|
|
130
132
|
}
|
|
133
|
+
if (opts.requireVerification) {
|
|
134
|
+
if (!user.phoneNumberVerified) {
|
|
135
|
+
const otp = generateOTP(opts.otpLength);
|
|
136
|
+
await ctx.context.internalAdapter.createVerificationValue({
|
|
137
|
+
value: otp,
|
|
138
|
+
identifier: phoneNumber2,
|
|
139
|
+
expiresAt: getDate(opts.expiresIn, "sec")
|
|
140
|
+
});
|
|
141
|
+
await opts.sendOTP?.({
|
|
142
|
+
phoneNumber: phoneNumber2,
|
|
143
|
+
code: otp
|
|
144
|
+
});
|
|
145
|
+
throw new APIError("UNAUTHORIZED", {
|
|
146
|
+
message: ERROR_CODES.PHONE_NUMBER_NOT_VERIFIED
|
|
147
|
+
});
|
|
148
|
+
}
|
|
149
|
+
}
|
|
131
150
|
const accounts = await ctx.context.internalAdapter.findAccountByUserId(user.id);
|
|
132
151
|
const credentialAccount = accounts.find(
|
|
133
152
|
(a) => a.providerId === "credential"
|
|
@@ -244,7 +263,7 @@ const phoneNumber = (options) => {
|
|
|
244
263
|
}
|
|
245
264
|
const code = generateOTP(opts.otpLength);
|
|
246
265
|
await ctx.context.internalAdapter.createVerificationValue({
|
|
247
|
-
value: code
|
|
266
|
+
value: `${code}:0`,
|
|
248
267
|
identifier: ctx.body.phoneNumber,
|
|
249
268
|
expiresAt: getDate(opts.expiresIn, "sec")
|
|
250
269
|
});
|
|
@@ -296,20 +315,83 @@ const phoneNumber = (options) => {
|
|
|
296
315
|
summary: "Verify phone number",
|
|
297
316
|
description: "Use this endpoint to verify phone number",
|
|
298
317
|
responses: {
|
|
299
|
-
200: {
|
|
300
|
-
description: "
|
|
318
|
+
"200": {
|
|
319
|
+
description: "Phone number verified successfully",
|
|
301
320
|
content: {
|
|
302
321
|
"application/json": {
|
|
303
322
|
schema: {
|
|
304
323
|
type: "object",
|
|
305
324
|
properties: {
|
|
306
|
-
|
|
307
|
-
|
|
325
|
+
status: {
|
|
326
|
+
type: "boolean",
|
|
327
|
+
description: "Indicates if the verification was successful",
|
|
328
|
+
enum: [true]
|
|
308
329
|
},
|
|
309
|
-
|
|
310
|
-
|
|
330
|
+
token: {
|
|
331
|
+
type: "string",
|
|
332
|
+
nullable: true,
|
|
333
|
+
description: "Session token if session is created, null if disableSession is true or no session is created"
|
|
334
|
+
},
|
|
335
|
+
user: {
|
|
336
|
+
type: "object",
|
|
337
|
+
nullable: true,
|
|
338
|
+
properties: {
|
|
339
|
+
id: {
|
|
340
|
+
type: "string",
|
|
341
|
+
description: "Unique identifier of the user"
|
|
342
|
+
},
|
|
343
|
+
email: {
|
|
344
|
+
type: "string",
|
|
345
|
+
format: "email",
|
|
346
|
+
nullable: true,
|
|
347
|
+
description: "User's email address"
|
|
348
|
+
},
|
|
349
|
+
emailVerified: {
|
|
350
|
+
type: "boolean",
|
|
351
|
+
nullable: true,
|
|
352
|
+
description: "Whether the email is verified"
|
|
353
|
+
},
|
|
354
|
+
name: {
|
|
355
|
+
type: "string",
|
|
356
|
+
nullable: true,
|
|
357
|
+
description: "User's name"
|
|
358
|
+
},
|
|
359
|
+
image: {
|
|
360
|
+
type: "string",
|
|
361
|
+
format: "uri",
|
|
362
|
+
nullable: true,
|
|
363
|
+
description: "User's profile image URL"
|
|
364
|
+
},
|
|
365
|
+
phoneNumber: {
|
|
366
|
+
type: "string",
|
|
367
|
+
description: "User's phone number"
|
|
368
|
+
},
|
|
369
|
+
phoneNumberVerified: {
|
|
370
|
+
type: "boolean",
|
|
371
|
+
description: "Whether the phone number is verified"
|
|
372
|
+
},
|
|
373
|
+
createdAt: {
|
|
374
|
+
type: "string",
|
|
375
|
+
format: "date-time",
|
|
376
|
+
description: "Timestamp when the user was created"
|
|
377
|
+
},
|
|
378
|
+
updatedAt: {
|
|
379
|
+
type: "string",
|
|
380
|
+
format: "date-time",
|
|
381
|
+
description: "Timestamp when the user was last updated"
|
|
382
|
+
}
|
|
383
|
+
},
|
|
384
|
+
required: [
|
|
385
|
+
"id",
|
|
386
|
+
"phoneNumber",
|
|
387
|
+
"phoneNumberVerified",
|
|
388
|
+
"createdAt",
|
|
389
|
+
"updatedAt"
|
|
390
|
+
],
|
|
391
|
+
description: "User object with phone number details, null if no user is created or found"
|
|
311
392
|
}
|
|
312
|
-
}
|
|
393
|
+
},
|
|
394
|
+
required: ["status"]
|
|
313
395
|
}
|
|
314
396
|
}
|
|
315
397
|
}
|
|
@@ -335,7 +417,18 @@ const phoneNumber = (options) => {
|
|
|
335
417
|
message: ERROR_CODES.OTP_NOT_FOUND
|
|
336
418
|
});
|
|
337
419
|
}
|
|
338
|
-
|
|
420
|
+
const [otpValue, attempts] = otp.value.split(":");
|
|
421
|
+
const allowedAttempts = options?.allowedAttempts || 3;
|
|
422
|
+
if (attempts && parseInt(attempts) >= allowedAttempts) {
|
|
423
|
+
await ctx.context.internalAdapter.deleteVerificationValue(otp.id);
|
|
424
|
+
throw new APIError("FORBIDDEN", {
|
|
425
|
+
message: "Too many attempts"
|
|
426
|
+
});
|
|
427
|
+
}
|
|
428
|
+
if (otpValue !== ctx.body.code) {
|
|
429
|
+
await ctx.context.internalAdapter.updateVerificationValue(otp.id, {
|
|
430
|
+
value: `${otpValue}:${parseInt(attempts || "0") + 1}`
|
|
431
|
+
});
|
|
339
432
|
throw new APIError("BAD_REQUEST", {
|
|
340
433
|
message: "Invalid OTP"
|
|
341
434
|
});
|
|
@@ -443,7 +536,7 @@ const phoneNumber = (options) => {
|
|
|
443
536
|
if (!ctx.body.disableSession) {
|
|
444
537
|
const session = await ctx.context.internalAdapter.createSession(
|
|
445
538
|
user.id,
|
|
446
|
-
ctx.
|
|
539
|
+
ctx.headers
|
|
447
540
|
);
|
|
448
541
|
if (!session) {
|
|
449
542
|
throw new APIError("INTERNAL_SERVER_ERROR", {
|
|
@@ -493,7 +586,32 @@ const phoneNumber = (options) => {
|
|
|
493
586
|
method: "POST",
|
|
494
587
|
body: z.object({
|
|
495
588
|
phoneNumber: z.string()
|
|
496
|
-
})
|
|
589
|
+
}),
|
|
590
|
+
metadata: {
|
|
591
|
+
openapi: {
|
|
592
|
+
description: "Request OTP for password reset via phone number",
|
|
593
|
+
responses: {
|
|
594
|
+
"200": {
|
|
595
|
+
description: "OTP sent successfully for password reset",
|
|
596
|
+
content: {
|
|
597
|
+
"application/json": {
|
|
598
|
+
schema: {
|
|
599
|
+
type: "object",
|
|
600
|
+
properties: {
|
|
601
|
+
status: {
|
|
602
|
+
type: "boolean",
|
|
603
|
+
description: "Indicates if the OTP was sent successfully",
|
|
604
|
+
enum: [true]
|
|
605
|
+
}
|
|
606
|
+
},
|
|
607
|
+
required: ["status"]
|
|
608
|
+
}
|
|
609
|
+
}
|
|
610
|
+
}
|
|
611
|
+
}
|
|
612
|
+
}
|
|
613
|
+
}
|
|
614
|
+
}
|
|
497
615
|
},
|
|
498
616
|
async (ctx) => {
|
|
499
617
|
const user = await ctx.context.adapter.findOne({
|
|
@@ -512,7 +630,7 @@ const phoneNumber = (options) => {
|
|
|
512
630
|
}
|
|
513
631
|
const code = generateOTP(opts.otpLength);
|
|
514
632
|
await ctx.context.internalAdapter.createVerificationValue({
|
|
515
|
-
value: code
|
|
633
|
+
value: `${code}:0`,
|
|
516
634
|
identifier: `${ctx.body.phoneNumber}-forget-password`,
|
|
517
635
|
expiresAt: getDate(opts.expiresIn, "sec")
|
|
518
636
|
});
|
|
@@ -536,7 +654,32 @@ const phoneNumber = (options) => {
|
|
|
536
654
|
otp: z.string(),
|
|
537
655
|
phoneNumber: z.string(),
|
|
538
656
|
newPassword: z.string()
|
|
539
|
-
})
|
|
657
|
+
}),
|
|
658
|
+
metadata: {
|
|
659
|
+
openapi: {
|
|
660
|
+
description: "Reset password using phone number OTP",
|
|
661
|
+
responses: {
|
|
662
|
+
"200": {
|
|
663
|
+
description: "Password reset successfully",
|
|
664
|
+
content: {
|
|
665
|
+
"application/json": {
|
|
666
|
+
schema: {
|
|
667
|
+
type: "object",
|
|
668
|
+
properties: {
|
|
669
|
+
status: {
|
|
670
|
+
type: "boolean",
|
|
671
|
+
description: "Indicates if the password was reset successfully",
|
|
672
|
+
enum: [true]
|
|
673
|
+
}
|
|
674
|
+
},
|
|
675
|
+
required: ["status"]
|
|
676
|
+
}
|
|
677
|
+
}
|
|
678
|
+
}
|
|
679
|
+
}
|
|
680
|
+
}
|
|
681
|
+
}
|
|
682
|
+
}
|
|
540
683
|
},
|
|
541
684
|
async (ctx) => {
|
|
542
685
|
const verification = await ctx.context.internalAdapter.findVerificationValue(
|
|
@@ -552,7 +695,23 @@ const phoneNumber = (options) => {
|
|
|
552
695
|
message: ERROR_CODES.OTP_EXPIRED
|
|
553
696
|
});
|
|
554
697
|
}
|
|
555
|
-
|
|
698
|
+
const [otpValue, attempts] = verification.value.split(":");
|
|
699
|
+
const allowedAttempts = options?.allowedAttempts || 3;
|
|
700
|
+
if (attempts && parseInt(attempts) >= allowedAttempts) {
|
|
701
|
+
await ctx.context.internalAdapter.deleteVerificationValue(
|
|
702
|
+
verification.id
|
|
703
|
+
);
|
|
704
|
+
throw new APIError("FORBIDDEN", {
|
|
705
|
+
message: "Too many attempts"
|
|
706
|
+
});
|
|
707
|
+
}
|
|
708
|
+
if (ctx.body.otp !== otpValue) {
|
|
709
|
+
await ctx.context.internalAdapter.updateVerificationValue(
|
|
710
|
+
verification.id,
|
|
711
|
+
{
|
|
712
|
+
value: `${otpValue}:${parseInt(attempts || "0") + 1}`
|
|
713
|
+
}
|
|
714
|
+
);
|
|
556
715
|
throw new APIError("BAD_REQUEST", {
|
|
557
716
|
message: ERROR_CODES.INVALID_OTP
|
|
558
717
|
});
|
|
@@ -585,6 +744,15 @@ const phoneNumber = (options) => {
|
|
|
585
744
|
)
|
|
586
745
|
},
|
|
587
746
|
schema: mergeSchema(schema, options?.schema),
|
|
747
|
+
rateLimit: [
|
|
748
|
+
{
|
|
749
|
+
pathMatcher(path) {
|
|
750
|
+
return path.startsWith("/phone-number");
|
|
751
|
+
},
|
|
752
|
+
window: 60 * 1e3,
|
|
753
|
+
max: 10
|
|
754
|
+
}
|
|
755
|
+
],
|
|
588
756
|
$ERROR_CODES: ERROR_CODES
|
|
589
757
|
};
|
|
590
758
|
};
|
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
|
|
3
3
|
const zod = require('zod');
|
|
4
4
|
const betterCall = require('better-call');
|
|
5
|
-
const refreshToken = require('../../shared/better-auth.
|
|
5
|
+
const refreshToken = require('../../shared/better-auth.Dg0siV5C.cjs');
|
|
6
6
|
const cookies_index = require('../../cookies/index.cjs');
|
|
7
|
-
require('../../shared/better-auth.
|
|
7
|
+
require('../../shared/better-auth.DcWKCjjf.cjs');
|
|
8
8
|
require('../../shared/better-auth.DiSjtgs9.cjs');
|
|
9
9
|
require('../../shared/better-auth.GpOOav9x.cjs');
|
|
10
10
|
require('defu');
|
|
@@ -25,13 +25,13 @@ require('@noble/hashes/utils');
|
|
|
25
25
|
require('../../shared/better-auth.CYeOI8C-.cjs');
|
|
26
26
|
require('@better-auth/utils/random');
|
|
27
27
|
require('../../shared/better-auth.ANpbi45u.cjs');
|
|
28
|
+
require('../../shared/better-auth.D3mtHEZg.cjs');
|
|
28
29
|
require('../../shared/better-auth.C1hdVENX.cjs');
|
|
29
30
|
require('../../shared/better-auth.Bg6iw3ig.cjs');
|
|
30
31
|
require('@better-auth/utils/hmac');
|
|
31
32
|
require('../../shared/better-auth.BMYo0QR-.cjs');
|
|
32
33
|
require('../../shared/better-auth.C-R0J0n1.cjs');
|
|
33
34
|
require('jose/errors');
|
|
34
|
-
require('../../shared/better-auth.D3mtHEZg.cjs');
|
|
35
35
|
require('@better-auth/utils/binary');
|
|
36
36
|
|
|
37
37
|
const sso = (options) => {
|
|
@@ -98,7 +98,10 @@ const sso = (options) => {
|
|
|
98
98
|
}).optional(),
|
|
99
99
|
organizationId: zod.z.string({
|
|
100
100
|
description: "If organization plugin is enabled, the organization id to link the provider to"
|
|
101
|
-
}).optional()
|
|
101
|
+
}).optional(),
|
|
102
|
+
overrideUserInfo: zod.z.boolean({
|
|
103
|
+
description: "Override user info with the provider info. Defaults to false"
|
|
104
|
+
}).default(false).optional()
|
|
102
105
|
}),
|
|
103
106
|
use: [refreshToken.sessionMiddleware],
|
|
104
107
|
metadata: {
|
|
@@ -107,7 +110,160 @@ const sso = (options) => {
|
|
|
107
110
|
description: "This endpoint is used to register an OIDC provider. This is used to configure the provider and link it to an organization",
|
|
108
111
|
responses: {
|
|
109
112
|
"200": {
|
|
110
|
-
description: "
|
|
113
|
+
description: "OIDC provider created successfully",
|
|
114
|
+
content: {
|
|
115
|
+
"application/json": {
|
|
116
|
+
schema: {
|
|
117
|
+
type: "object",
|
|
118
|
+
properties: {
|
|
119
|
+
issuer: {
|
|
120
|
+
type: "string",
|
|
121
|
+
format: "uri",
|
|
122
|
+
description: "The issuer URL of the provider"
|
|
123
|
+
},
|
|
124
|
+
domain: {
|
|
125
|
+
type: "string",
|
|
126
|
+
description: "The domain of the provider, used for email matching"
|
|
127
|
+
},
|
|
128
|
+
oidcConfig: {
|
|
129
|
+
type: "object",
|
|
130
|
+
properties: {
|
|
131
|
+
issuer: {
|
|
132
|
+
type: "string",
|
|
133
|
+
format: "uri",
|
|
134
|
+
description: "The issuer URL of the provider"
|
|
135
|
+
},
|
|
136
|
+
pkce: {
|
|
137
|
+
type: "boolean",
|
|
138
|
+
description: "Whether PKCE is enabled for the authorization flow"
|
|
139
|
+
},
|
|
140
|
+
clientId: {
|
|
141
|
+
type: "string",
|
|
142
|
+
description: "The client ID for the provider"
|
|
143
|
+
},
|
|
144
|
+
clientSecret: {
|
|
145
|
+
type: "string",
|
|
146
|
+
description: "The client secret for the provider"
|
|
147
|
+
},
|
|
148
|
+
authorizationEndpoint: {
|
|
149
|
+
type: "string",
|
|
150
|
+
format: "uri",
|
|
151
|
+
nullable: true,
|
|
152
|
+
description: "The authorization endpoint URL"
|
|
153
|
+
},
|
|
154
|
+
discoveryEndpoint: {
|
|
155
|
+
type: "string",
|
|
156
|
+
format: "uri",
|
|
157
|
+
description: "The discovery endpoint URL"
|
|
158
|
+
},
|
|
159
|
+
userInfoEndpoint: {
|
|
160
|
+
type: "string",
|
|
161
|
+
format: "uri",
|
|
162
|
+
nullable: true,
|
|
163
|
+
description: "The user info endpoint URL"
|
|
164
|
+
},
|
|
165
|
+
scopes: {
|
|
166
|
+
type: "array",
|
|
167
|
+
items: { type: "string" },
|
|
168
|
+
nullable: true,
|
|
169
|
+
description: "The scopes requested from the provider"
|
|
170
|
+
},
|
|
171
|
+
tokenEndpoint: {
|
|
172
|
+
type: "string",
|
|
173
|
+
format: "uri",
|
|
174
|
+
nullable: true,
|
|
175
|
+
description: "The token endpoint URL"
|
|
176
|
+
},
|
|
177
|
+
tokenEndpointAuthentication: {
|
|
178
|
+
type: "string",
|
|
179
|
+
enum: [
|
|
180
|
+
"client_secret_post",
|
|
181
|
+
"client_secret_basic"
|
|
182
|
+
],
|
|
183
|
+
nullable: true,
|
|
184
|
+
description: "Authentication method for the token endpoint"
|
|
185
|
+
},
|
|
186
|
+
jwksEndpoint: {
|
|
187
|
+
type: "string",
|
|
188
|
+
format: "uri",
|
|
189
|
+
nullable: true,
|
|
190
|
+
description: "The JWKS endpoint URL"
|
|
191
|
+
},
|
|
192
|
+
mapping: {
|
|
193
|
+
type: "object",
|
|
194
|
+
nullable: true,
|
|
195
|
+
properties: {
|
|
196
|
+
id: {
|
|
197
|
+
type: "string",
|
|
198
|
+
description: "Field mapping for user ID (defaults to 'sub')"
|
|
199
|
+
},
|
|
200
|
+
email: {
|
|
201
|
+
type: "string",
|
|
202
|
+
description: "Field mapping for email (defaults to 'email')"
|
|
203
|
+
},
|
|
204
|
+
emailVerified: {
|
|
205
|
+
type: "string",
|
|
206
|
+
nullable: true,
|
|
207
|
+
description: "Field mapping for email verification (defaults to 'email_verified')"
|
|
208
|
+
},
|
|
209
|
+
name: {
|
|
210
|
+
type: "string",
|
|
211
|
+
description: "Field mapping for name (defaults to 'name')"
|
|
212
|
+
},
|
|
213
|
+
image: {
|
|
214
|
+
type: "string",
|
|
215
|
+
nullable: true,
|
|
216
|
+
description: "Field mapping for image (defaults to 'picture')"
|
|
217
|
+
},
|
|
218
|
+
extraFields: {
|
|
219
|
+
type: "object",
|
|
220
|
+
additionalProperties: { type: "string" },
|
|
221
|
+
nullable: true,
|
|
222
|
+
description: "Additional field mappings"
|
|
223
|
+
}
|
|
224
|
+
},
|
|
225
|
+
required: ["id", "email", "name"]
|
|
226
|
+
}
|
|
227
|
+
},
|
|
228
|
+
required: [
|
|
229
|
+
"issuer",
|
|
230
|
+
"pkce",
|
|
231
|
+
"clientId",
|
|
232
|
+
"clientSecret",
|
|
233
|
+
"discoveryEndpoint"
|
|
234
|
+
],
|
|
235
|
+
description: "OIDC configuration for the provider"
|
|
236
|
+
},
|
|
237
|
+
organizationId: {
|
|
238
|
+
type: "string",
|
|
239
|
+
nullable: true,
|
|
240
|
+
description: "ID of the linked organization, if any"
|
|
241
|
+
},
|
|
242
|
+
userId: {
|
|
243
|
+
type: "string",
|
|
244
|
+
description: "ID of the user who registered the provider"
|
|
245
|
+
},
|
|
246
|
+
providerId: {
|
|
247
|
+
type: "string",
|
|
248
|
+
description: "Unique identifier for the provider"
|
|
249
|
+
},
|
|
250
|
+
redirectURI: {
|
|
251
|
+
type: "string",
|
|
252
|
+
format: "uri",
|
|
253
|
+
description: "The redirect URI for the provider callback"
|
|
254
|
+
}
|
|
255
|
+
},
|
|
256
|
+
required: [
|
|
257
|
+
"issuer",
|
|
258
|
+
"domain",
|
|
259
|
+
"oidcConfig",
|
|
260
|
+
"userId",
|
|
261
|
+
"providerId",
|
|
262
|
+
"redirectURI"
|
|
263
|
+
]
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
}
|
|
111
267
|
}
|
|
112
268
|
}
|
|
113
269
|
}
|
|
@@ -138,7 +294,8 @@ const sso = (options) => {
|
|
|
138
294
|
discoveryEndpoint: body.discoveryEndpoint || `${body.issuer}/.well-known/openid-configuration`,
|
|
139
295
|
mapping: body.mapping,
|
|
140
296
|
scopes: body.scopes,
|
|
141
|
-
userinfoEndpoint: body.userInfoEndpoint
|
|
297
|
+
userinfoEndpoint: body.userInfoEndpoint,
|
|
298
|
+
overrideUserInfo: ctx.body.overrideUserInfo || options?.defaultOverrideUserInfo || false
|
|
142
299
|
}),
|
|
143
300
|
organizationId: body.organizationId,
|
|
144
301
|
userId: ctx.context.session.user.id,
|
|
@@ -224,6 +381,31 @@ const sso = (options) => {
|
|
|
224
381
|
}
|
|
225
382
|
}
|
|
226
383
|
}
|
|
384
|
+
},
|
|
385
|
+
responses: {
|
|
386
|
+
"200": {
|
|
387
|
+
description: "Authorization URL generated successfully for SSO sign-in",
|
|
388
|
+
content: {
|
|
389
|
+
"application/json": {
|
|
390
|
+
schema: {
|
|
391
|
+
type: "object",
|
|
392
|
+
properties: {
|
|
393
|
+
url: {
|
|
394
|
+
type: "string",
|
|
395
|
+
format: "uri",
|
|
396
|
+
description: "The authorization URL to redirect the user to for SSO sign-in"
|
|
397
|
+
},
|
|
398
|
+
redirect: {
|
|
399
|
+
type: "boolean",
|
|
400
|
+
description: "Indicates that the client should redirect to the provided URL",
|
|
401
|
+
enum: [true]
|
|
402
|
+
}
|
|
403
|
+
},
|
|
404
|
+
required: ["url", "redirect"]
|
|
405
|
+
}
|
|
406
|
+
}
|
|
407
|
+
}
|
|
408
|
+
}
|
|
227
409
|
}
|
|
228
410
|
}
|
|
229
411
|
}
|
|
@@ -479,7 +661,8 @@ const sso = (options) => {
|
|
|
479
661
|
refreshTokenExpiresAt: tokenResponse.refreshTokenExpiresAt,
|
|
480
662
|
scope: tokenResponse.scopes?.join(",")
|
|
481
663
|
},
|
|
482
|
-
disableSignUp: options?.disableImplicitSignUp && !requestSignUp
|
|
664
|
+
disableSignUp: options?.disableImplicitSignUp && !requestSignUp,
|
|
665
|
+
overrideUserInfo: config.overrideUserInfo
|
|
483
666
|
});
|
|
484
667
|
if (linked.error) {
|
|
485
668
|
throw ctx.redirect(
|