better-auth 1.3.1 → 1.3.2

package/dist/plugins/phone-number/index.d.ts

@@ -1,9 +1,9 @@
 import * as better_call from 'better-call';
-import * as zod_v4 from 'zod/v4';
-import { U as User, I as InferOptionSchema } from '../../shared/better-auth.2lcgvW_O.js';
+import * as z from 'zod/v4';
+import { U as User, I as InferOptionSchema } from '../../shared/better-auth.Dj2HyOmw.js';
 import 'kysely';
 import '../../shared/better-auth.ZSfSbnQT.js';
-import '../../shared/better-auth.PS9uuCnX.js';
+import '../../shared/better-auth.DPa2nz5L.js';
 import 'jose';
 import 'zod/v4/core';
 import 'better-sqlite3';
@@ -170,11 +170,11 @@ declare const phoneNumber: (options?: PhoneNumberOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    phoneNumber: zod_v4.ZodString;
-                    password: zod_v4.ZodString;
-                    rememberMe: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                }, zod_v4.core.$strip>;
+                body: z.ZodObject<{
+                    phoneNumber: z.ZodString;
+                    password: z.ZodString;
+                    rememberMe: z.ZodOptional<z.ZodBoolean>;
+                }, z.core.$strip>;
                 metadata: {
                     openapi: {
                         summary: string;
@@ -257,9 +257,9 @@ declare const phoneNumber: (options?: PhoneNumberOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    phoneNumber: zod_v4.ZodString;
-                }, zod_v4.core.$strip>;
+                body: z.ZodObject<{
+                    phoneNumber: z.ZodString;
+                }, z.core.$strip>;
                 metadata: {
                     openapi: {
                         summary: string;
@@ -351,12 +351,12 @@ declare const phoneNumber: (options?: PhoneNumberOptions) => {
             } | null>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    phoneNumber: zod_v4.ZodString;
-                    code: zod_v4.ZodString;
-                    disableSession: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                    updatePhoneNumber: zod_v4.ZodOptional<zod_v4.ZodBoolean>;
-                }, zod_v4.core.$strip>;
+                body: z.ZodObject<{
+                    phoneNumber: z.ZodString;
+                    code: z.ZodString;
+                    disableSession: z.ZodOptional<z.ZodBoolean>;
+                    updatePhoneNumber: z.ZodOptional<z.ZodBoolean>;
+                }, z.core.$strip>;
                 metadata: {
                     openapi: {
                         summary: string;
@@ -484,9 +484,9 @@ declare const phoneNumber: (options?: PhoneNumberOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    phoneNumber: zod_v4.ZodString;
-                }, zod_v4.core.$strip>;
+                body: z.ZodObject<{
+                    phoneNumber: z.ZodString;
+                }, z.core.$strip>;
                 metadata: {
                     openapi: {
                         description: string;
@@ -550,9 +550,9 @@ declare const phoneNumber: (options?: PhoneNumberOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    phoneNumber: zod_v4.ZodString;
-                }, zod_v4.core.$strip>;
+                body: z.ZodObject<{
+                    phoneNumber: z.ZodString;
+                }, z.core.$strip>;
                 metadata: {
                     openapi: {
                         description: string;
@@ -618,11 +618,11 @@ declare const phoneNumber: (options?: PhoneNumberOptions) => {
             }>;
             options: {
                 method: "POST";
-                body: zod_v4.ZodObject<{
-                    otp: zod_v4.ZodString;
-                    phoneNumber: zod_v4.ZodString;
-                    newPassword: zod_v4.ZodString;
-                }, zod_v4.core.$strip>;
+                body: z.ZodObject<{
+                    otp: z.ZodString;
+                    phoneNumber: z.ZodString;
+                    newPassword: z.ZodString;
+                }, z.core.$strip>;
                 metadata: {
                     openapi: {
                         description: string;

package/dist/plugins/phone-number/index.mjs

@@ -1,5 +1,5 @@
 import * as z from 'zod/v4';
-import { j as createAuthEndpoint, k as getSessionFromCtx, B as BASE_ERROR_CODES } from '../../shared/better-auth.BOumacvv.mjs';
+import { j as createAuthEndpoint, k as getSessionFromCtx, B as BASE_ERROR_CODES } from '../../shared/better-auth.D4HhkCZJ.mjs';
 import { APIError } from 'better-call';
 import { m as mergeSchema } from '../../shared/better-auth.n2KFGwjY.mjs';
 import { g as generateRandomString } from '../../shared/better-auth.B4Qoxdgc.mjs';

package/dist/plugins/siwe/index.cjs

@@ -0,0 +1,297 @@
+'use strict';
+
+const betterCall = require('better-call');
+const socialProviders_index = require('../../shared/better-auth.CU2ZnFFo.cjs');
+require('zod/v4');
+const cookies_index = require('../../cookies/index.cjs');
+require('../../shared/better-auth.BIMq4RPW.cjs');
+require('../../shared/better-auth.DiSjtgs9.cjs');
+require('../../shared/better-auth.CXhVNgXP.cjs');
+require('defu');
+const zod = require('zod');
+const url = require('../../shared/better-auth.C-R0J0n1.cjs');
+const sha3 = require('@noble/hashes/sha3');
+require('../../shared/better-auth.C1hdVENX.cjs');
+require('@better-auth/utils/hash');
+require('@better-auth/utils/base64');
+require('../../crypto/index.cjs');
+require('@noble/ciphers/chacha');
+require('@noble/ciphers/utils');
+require('@noble/ciphers/webcrypto');
+require('jose');
+require('@noble/hashes/scrypt');
+require('@better-auth/utils');
+require('@better-auth/utils/hex');
+require('@noble/hashes/utils');
+require('../../shared/better-auth.CYeOI8C-.cjs');
+require('@better-auth/utils/random');
+require('@better-fetch/fetch');
+require('../../shared/better-auth.D3mtHEZg.cjs');
+require('@better-auth/utils/hmac');
+require('@better-auth/utils/binary');
+require('jose/errors');
+require('../../shared/better-auth.ANpbi45u.cjs');
+
+const schema = {
+  walletAddress: {
+    fields: {
+      userId: {
+        type: "string",
+        references: {
+          model: "user",
+          field: "id"
+        },
+        required: true
+      },
+      address: {
+        type: "string",
+        required: true
+      },
+      chainId: {
+        type: "number",
+        required: true
+      },
+      isPrimary: {
+        type: "boolean",
+        defaultValue: false
+      },
+      createdAt: {
+        type: "date",
+        required: true
+      }
+    }
+  }
+};
+
+function toChecksumAddress(address) {
+  address = address.toLowerCase().replace("0x", "");
+  const hash = [...sha3.keccak_256(address)].map((v) => v.toString(16).padStart(2, "0")).join("");
+  let ret = "0x";
+  for (let i = 0; i < 40; i++) {
+    if (parseInt(hash[i], 16) >= 8) {
+      ret += address[i].toUpperCase();
+    } else {
+      ret += address[i];
+    }
+  }
+  return ret;
+}
+
+const siwe = (options) => ({
+  id: "siwe",
+  schema,
+  endpoints: {
+    getSiweNonce: socialProviders_index.createAuthEndpoint(
+      "/siwe/nonce",
+      {
+        method: "POST",
+        body: zod.z.object({
+          walletAddress: zod.z.string().regex(/^0[xX][a-fA-F0-9]{40}$/i).length(42),
+          chainId: zod.z.number().int().positive().max(2147483647).optional().default(1)
+          // Default to Ethereum mainnet
+        })
+      },
+      async (ctx) => {
+        const { walletAddress: rawWalletAddress, chainId } = ctx.body;
+        const walletAddress = toChecksumAddress(rawWalletAddress);
+        const nonce = await options.getNonce();
+        await ctx.context.internalAdapter.createVerificationValue({
+          identifier: `siwe:${walletAddress}:${chainId}`,
+          value: nonce,
+          expiresAt: new Date(Date.now() + 15 * 60 * 1e3)
+        });
+        return ctx.json({ nonce });
+      }
+    ),
+    verifySiweMessage: socialProviders_index.createAuthEndpoint(
+      "/siwe/verify",
+      {
+        method: "POST",
+        body: zod.z.object({
+          message: zod.z.string().min(1),
+          signature: zod.z.string().min(1),
+          walletAddress: zod.z.string().regex(/^0[xX][a-fA-F0-9]{40}$/i).length(42),
+          chainId: zod.z.number().int().positive().max(2147483647).optional().default(1),
+          email: zod.z.string().email().optional()
+        }).refine((data) => options.anonymous !== false || !!data.email, {
+          message: "Email is required when the anonymous plugin option is disabled.",
+          path: ["email"]
+        }),
+        requireRequest: true
+      },
+      async (ctx) => {
+        const {
+          message,
+          signature,
+          walletAddress: rawWalletAddress,
+          chainId,
+          email
+        } = ctx.body;
+        const walletAddress = toChecksumAddress(rawWalletAddress);
+        const isAnon = options.anonymous ?? true;
+        if (!isAnon && !email) {
+          throw new betterCall.APIError("BAD_REQUEST", {
+            message: "Email is required when anonymous is disabled.",
+            status: 400
+          });
+        }
+        try {
+          const verification = await ctx.context.internalAdapter.findVerificationValue(
+            `siwe:${walletAddress}:${chainId}`
+          );
+          if (!verification || /* @__PURE__ */ new Date() > verification.expiresAt) {
+            throw new betterCall.APIError("UNAUTHORIZED", {
+              message: "Unauthorized: Invalid or expired nonce",
+              status: 401,
+              code: "UNAUTHORIZED_INVALID_OR_EXPIRED_NONCE"
+            });
+          }
+          const { value: nonce } = verification;
+          const verified = await options.verifyMessage({
+            message,
+            signature,
+            address: walletAddress,
+            chainId,
+            cacao: {
+              h: { t: "caip122" },
+              p: {
+                domain: options.domain,
+                aud: options.domain,
+                nonce,
+                iss: options.domain,
+                version: "1"
+              },
+              s: { t: "eip191", s: signature }
+            }
+          });
+          if (!verified) {
+            throw new betterCall.APIError("UNAUTHORIZED", {
+              message: "Unauthorized: Invalid SIWE signature",
+              status: 401
+            });
+          }
+          await ctx.context.internalAdapter.deleteVerificationValue(
+            verification.id
+          );
+          let user = null;
+          const existingWalletAddress = await ctx.context.adapter.findOne({
+            model: "walletAddress",
+            where: [
+              { field: "address", operator: "eq", value: walletAddress },
+              { field: "chainId", operator: "eq", value: chainId }
+            ]
+          });
+          if (existingWalletAddress) {
+            user = await ctx.context.adapter.findOne({
+              model: "user",
+              where: [
+                {
+                  field: "id",
+                  operator: "eq",
+                  value: existingWalletAddress.userId
+                }
+              ]
+            });
+          } else {
+            const anyWalletAddress = await ctx.context.adapter.findOne({
+              model: "walletAddress",
+              where: [
+                { field: "address", operator: "eq", value: walletAddress }
+              ]
+            });
+            if (anyWalletAddress) {
+              user = await ctx.context.adapter.findOne({
+                model: "user",
+                where: [
+                  {
+                    field: "id",
+                    operator: "eq",
+                    value: anyWalletAddress.userId
+                  }
+                ]
+              });
+            }
+          }
+          if (!user) {
+            const domain = options.emailDomainName ?? url.getOrigin(ctx.context.baseURL);
+            const userEmail = !isAnon && email ? email : `${walletAddress}@${domain}`;
+            const { name, avatar } = await options.ensLookup?.({ walletAddress }) ?? {};
+            user = await ctx.context.internalAdapter.createUser({
+              name: name ?? walletAddress,
+              email: userEmail,
+              image: avatar ?? ""
+            });
+            await ctx.context.adapter.create({
+              model: "walletAddress",
+              data: {
+                userId: user.id,
+                address: walletAddress,
+                chainId,
+                isPrimary: true,
+                // First address is primary
+                createdAt: /* @__PURE__ */ new Date()
+              }
+            });
+            await ctx.context.internalAdapter.createAccount({
+              userId: user.id,
+              providerId: "siwe",
+              accountId: `${walletAddress}:${chainId}`,
+              createdAt: /* @__PURE__ */ new Date(),
+              updatedAt: /* @__PURE__ */ new Date()
+            });
+          } else {
+            if (!existingWalletAddress) {
+              await ctx.context.adapter.create({
+                model: "walletAddress",
+                data: {
+                  userId: user.id,
+                  address: walletAddress,
+                  chainId,
+                  isPrimary: false,
+                  // Additional addresses are not primary by default
+                  createdAt: /* @__PURE__ */ new Date()
+                }
+              });
+              await ctx.context.internalAdapter.createAccount({
+                userId: user.id,
+                providerId: "siwe",
+                accountId: `${walletAddress}:${chainId}`,
+                createdAt: /* @__PURE__ */ new Date(),
+                updatedAt: /* @__PURE__ */ new Date()
+              });
+            }
+          }
+          const session = await ctx.context.internalAdapter.createSession(
+            user.id,
+            ctx
+          );
+          if (!session) {
+            throw new betterCall.APIError("INTERNAL_SERVER_ERROR", {
+              message: "Internal Server Error",
+              status: 500
+            });
+          }
+          await cookies_index.setSessionCookie(ctx, { session, user });
+          return ctx.json({
+            token: session.token,
+            success: true,
+            user: {
+              id: user.id,
+              walletAddress,
+              chainId
+            }
+          });
+        } catch (error) {
+          if (error instanceof betterCall.APIError) throw error;
+          throw new betterCall.APIError("UNAUTHORIZED", {
+            message: "Something went wrong. Please try again later.",
+            error: error instanceof Error ? error.message : "Unknown error",
+            status: 401
+          });
+        }
+      }
+    )
+  }
+});
+
+exports.siwe = siwe;

package/dist/plugins/siwe/index.d.cts

@@ -0,0 +1,195 @@
+import * as better_call from 'better-call';
+import { z } from 'zod';
+
+interface CacaoHeader {
+    t: "caip122";
+}
+interface CacaoPayload {
+    domain: string;
+    aud: string;
+    nonce: string;
+    iss: string;
+    version?: string;
+    iat?: string;
+    nbf?: string;
+    exp?: string;
+    statement?: string;
+    requestId?: string;
+    resources?: string[];
+    type?: string;
+}
+interface Cacao {
+    h: CacaoHeader;
+    p: CacaoPayload;
+    s: {
+        t: "eip191" | "eip1271";
+        s: string;
+        m?: string;
+    };
+}
+interface SIWEVerifyMessageArgs {
+    message: string;
+    signature: string;
+    address: string;
+    chainId: number;
+    cacao?: Cacao;
+}
+interface ENSLookupArgs {
+    walletAddress: string;
+}
+interface ENSLookupResult {
+    name: string;
+    avatar: string;
+}
+
+interface SIWEPluginOptions {
+    domain: string;
+    emailDomainName?: string;
+    anonymous?: boolean;
+    getNonce: () => Promise<string>;
+    verifyMessage: (args: SIWEVerifyMessageArgs) => Promise<boolean>;
+    ensLookup?: (args: ENSLookupArgs) => Promise<ENSLookupResult>;
+}
+declare const siwe: (options: SIWEPluginOptions) => {
+    id: "siwe";
+    schema: {
+        walletAddress: {
+            fields: {
+                userId: {
+                    type: "string";
+                    references: {
+                        model: string;
+                        field: string;
+                    };
+                    required: true;
+                };
+                address: {
+                    type: "string";
+                    required: true;
+                };
+                chainId: {
+                    type: "number";
+                    required: true;
+                };
+                isPrimary: {
+                    type: "boolean";
+                    defaultValue: false;
+                };
+                createdAt: {
+                    type: "date";
+                    required: true;
+                };
+            };
+        };
+    };
+    endpoints: {
+        getSiweNonce: {
+            <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+                body: {
+                    walletAddress: string;
+                    chainId?: number | undefined;
+                };
+            } & {
+                method?: "POST" | undefined;
+            } & {
+                query?: Record<string, any> | undefined;
+            } & {
+                params?: Record<string, any>;
+            } & {
+                request?: Request;
+            } & {
+                headers?: HeadersInit;
+            } & {
+                asResponse?: boolean;
+                returnHeaders?: boolean;
+                use?: better_call.Middleware[];
+                path?: string;
+            } & {
+                asResponse?: AsResponse | undefined;
+                returnHeaders?: ReturnHeaders | undefined;
+            }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+                headers: Headers;
+                response: {
+                    nonce: string;
+                };
+            } : {
+                nonce: string;
+            }>;
+            options: {
+                method: "POST";
+                body: z.ZodObject<{
+                    walletAddress: z.ZodString;
+                    chainId: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+                }, z.core.$strip>;
+            } & {
+                use: any[];
+            };
+            path: "/siwe/nonce";
+        };
+        verifySiweMessage: {
+            <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+                body: {
+                    message: string;
+                    signature: string;
+                    walletAddress: string;
+                    chainId?: number | undefined;
+                    email?: string | undefined;
+                };
+            } & {
+                method?: "POST" | undefined;
+            } & {
+                query?: Record<string, any> | undefined;
+            } & {
+                params?: Record<string, any>;
+            } & {
+                request: Request;
+            } & {
+                headers?: HeadersInit;
+            } & {
+                asResponse?: boolean;
+                returnHeaders?: boolean;
+                use?: better_call.Middleware[];
+                path?: string;
+            } & {
+                asResponse?: AsResponse | undefined;
+                returnHeaders?: ReturnHeaders | undefined;
+            }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+                headers: Headers;
+                response: {
+                    token: string;
+                    success: boolean;
+                    user: {
+                        id: string;
+                        walletAddress: string;
+                        chainId: number;
+                    };
+                };
+            } : {
+                token: string;
+                success: boolean;
+                user: {
+                    id: string;
+                    walletAddress: string;
+                    chainId: number;
+                };
+            }>;
+            options: {
+                method: "POST";
+                body: z.ZodObject<{
+                    message: z.ZodString;
+                    signature: z.ZodString;
+                    walletAddress: z.ZodString;
+                    chainId: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+                    email: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>;
+                requireRequest: true;
+            } & {
+                use: any[];
+            };
+            path: "/siwe/verify";
+        };
+    };
+};
+
+export { siwe };
+export type { SIWEPluginOptions };