better-auth 1.3.1 → 1.3.2

package/dist/plugins/siwe/index.d.mts

@@ -0,0 +1,195 @@
+import * as better_call from 'better-call';
+import { z } from 'zod';
+
+interface CacaoHeader {
+    t: "caip122";
+}
+interface CacaoPayload {
+    domain: string;
+    aud: string;
+    nonce: string;
+    iss: string;
+    version?: string;
+    iat?: string;
+    nbf?: string;
+    exp?: string;
+    statement?: string;
+    requestId?: string;
+    resources?: string[];
+    type?: string;
+}
+interface Cacao {
+    h: CacaoHeader;
+    p: CacaoPayload;
+    s: {
+        t: "eip191" | "eip1271";
+        s: string;
+        m?: string;
+    };
+}
+interface SIWEVerifyMessageArgs {
+    message: string;
+    signature: string;
+    address: string;
+    chainId: number;
+    cacao?: Cacao;
+}
+interface ENSLookupArgs {
+    walletAddress: string;
+}
+interface ENSLookupResult {
+    name: string;
+    avatar: string;
+}
+
+interface SIWEPluginOptions {
+    domain: string;
+    emailDomainName?: string;
+    anonymous?: boolean;
+    getNonce: () => Promise<string>;
+    verifyMessage: (args: SIWEVerifyMessageArgs) => Promise<boolean>;
+    ensLookup?: (args: ENSLookupArgs) => Promise<ENSLookupResult>;
+}
+declare const siwe: (options: SIWEPluginOptions) => {
+    id: "siwe";
+    schema: {
+        walletAddress: {
+            fields: {
+                userId: {
+                    type: "string";
+                    references: {
+                        model: string;
+                        field: string;
+                    };
+                    required: true;
+                };
+                address: {
+                    type: "string";
+                    required: true;
+                };
+                chainId: {
+                    type: "number";
+                    required: true;
+                };
+                isPrimary: {
+                    type: "boolean";
+                    defaultValue: false;
+                };
+                createdAt: {
+                    type: "date";
+                    required: true;
+                };
+            };
+        };
+    };
+    endpoints: {
+        getSiweNonce: {
+            <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+                body: {
+                    walletAddress: string;
+                    chainId?: number | undefined;
+                };
+            } & {
+                method?: "POST" | undefined;
+            } & {
+                query?: Record<string, any> | undefined;
+            } & {
+                params?: Record<string, any>;
+            } & {
+                request?: Request;
+            } & {
+                headers?: HeadersInit;
+            } & {
+                asResponse?: boolean;
+                returnHeaders?: boolean;
+                use?: better_call.Middleware[];
+                path?: string;
+            } & {
+                asResponse?: AsResponse | undefined;
+                returnHeaders?: ReturnHeaders | undefined;
+            }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+                headers: Headers;
+                response: {
+                    nonce: string;
+                };
+            } : {
+                nonce: string;
+            }>;
+            options: {
+                method: "POST";
+                body: z.ZodObject<{
+                    walletAddress: z.ZodString;
+                    chainId: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+                }, z.core.$strip>;
+            } & {
+                use: any[];
+            };
+            path: "/siwe/nonce";
+        };
+        verifySiweMessage: {
+            <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+                body: {
+                    message: string;
+                    signature: string;
+                    walletAddress: string;
+                    chainId?: number | undefined;
+                    email?: string | undefined;
+                };
+            } & {
+                method?: "POST" | undefined;
+            } & {
+                query?: Record<string, any> | undefined;
+            } & {
+                params?: Record<string, any>;
+            } & {
+                request: Request;
+            } & {
+                headers?: HeadersInit;
+            } & {
+                asResponse?: boolean;
+                returnHeaders?: boolean;
+                use?: better_call.Middleware[];
+                path?: string;
+            } & {
+                asResponse?: AsResponse | undefined;
+                returnHeaders?: ReturnHeaders | undefined;
+            }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+                headers: Headers;
+                response: {
+                    token: string;
+                    success: boolean;
+                    user: {
+                        id: string;
+                        walletAddress: string;
+                        chainId: number;
+                    };
+                };
+            } : {
+                token: string;
+                success: boolean;
+                user: {
+                    id: string;
+                    walletAddress: string;
+                    chainId: number;
+                };
+            }>;
+            options: {
+                method: "POST";
+                body: z.ZodObject<{
+                    message: z.ZodString;
+                    signature: z.ZodString;
+                    walletAddress: z.ZodString;
+                    chainId: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+                    email: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>;
+                requireRequest: true;
+            } & {
+                use: any[];
+            };
+            path: "/siwe/verify";
+        };
+    };
+};
+
+export { siwe };
+export type { SIWEPluginOptions };

package/dist/plugins/siwe/index.d.ts

@@ -0,0 +1,195 @@
+import * as better_call from 'better-call';
+import { z } from 'zod';
+
+interface CacaoHeader {
+    t: "caip122";
+}
+interface CacaoPayload {
+    domain: string;
+    aud: string;
+    nonce: string;
+    iss: string;
+    version?: string;
+    iat?: string;
+    nbf?: string;
+    exp?: string;
+    statement?: string;
+    requestId?: string;
+    resources?: string[];
+    type?: string;
+}
+interface Cacao {
+    h: CacaoHeader;
+    p: CacaoPayload;
+    s: {
+        t: "eip191" | "eip1271";
+        s: string;
+        m?: string;
+    };
+}
+interface SIWEVerifyMessageArgs {
+    message: string;
+    signature: string;
+    address: string;
+    chainId: number;
+    cacao?: Cacao;
+}
+interface ENSLookupArgs {
+    walletAddress: string;
+}
+interface ENSLookupResult {
+    name: string;
+    avatar: string;
+}
+
+interface SIWEPluginOptions {
+    domain: string;
+    emailDomainName?: string;
+    anonymous?: boolean;
+    getNonce: () => Promise<string>;
+    verifyMessage: (args: SIWEVerifyMessageArgs) => Promise<boolean>;
+    ensLookup?: (args: ENSLookupArgs) => Promise<ENSLookupResult>;
+}
+declare const siwe: (options: SIWEPluginOptions) => {
+    id: "siwe";
+    schema: {
+        walletAddress: {
+            fields: {
+                userId: {
+                    type: "string";
+                    references: {
+                        model: string;
+                        field: string;
+                    };
+                    required: true;
+                };
+                address: {
+                    type: "string";
+                    required: true;
+                };
+                chainId: {
+                    type: "number";
+                    required: true;
+                };
+                isPrimary: {
+                    type: "boolean";
+                    defaultValue: false;
+                };
+                createdAt: {
+                    type: "date";
+                    required: true;
+                };
+            };
+        };
+    };
+    endpoints: {
+        getSiweNonce: {
+            <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+                body: {
+                    walletAddress: string;
+                    chainId?: number | undefined;
+                };
+            } & {
+                method?: "POST" | undefined;
+            } & {
+                query?: Record<string, any> | undefined;
+            } & {
+                params?: Record<string, any>;
+            } & {
+                request?: Request;
+            } & {
+                headers?: HeadersInit;
+            } & {
+                asResponse?: boolean;
+                returnHeaders?: boolean;
+                use?: better_call.Middleware[];
+                path?: string;
+            } & {
+                asResponse?: AsResponse | undefined;
+                returnHeaders?: ReturnHeaders | undefined;
+            }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+                headers: Headers;
+                response: {
+                    nonce: string;
+                };
+            } : {
+                nonce: string;
+            }>;
+            options: {
+                method: "POST";
+                body: z.ZodObject<{
+                    walletAddress: z.ZodString;
+                    chainId: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+                }, z.core.$strip>;
+            } & {
+                use: any[];
+            };
+            path: "/siwe/nonce";
+        };
+        verifySiweMessage: {
+            <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
+                body: {
+                    message: string;
+                    signature: string;
+                    walletAddress: string;
+                    chainId?: number | undefined;
+                    email?: string | undefined;
+                };
+            } & {
+                method?: "POST" | undefined;
+            } & {
+                query?: Record<string, any> | undefined;
+            } & {
+                params?: Record<string, any>;
+            } & {
+                request: Request;
+            } & {
+                headers?: HeadersInit;
+            } & {
+                asResponse?: boolean;
+                returnHeaders?: boolean;
+                use?: better_call.Middleware[];
+                path?: string;
+            } & {
+                asResponse?: AsResponse | undefined;
+                returnHeaders?: ReturnHeaders | undefined;
+            }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+                headers: Headers;
+                response: {
+                    token: string;
+                    success: boolean;
+                    user: {
+                        id: string;
+                        walletAddress: string;
+                        chainId: number;
+                    };
+                };
+            } : {
+                token: string;
+                success: boolean;
+                user: {
+                    id: string;
+                    walletAddress: string;
+                    chainId: number;
+                };
+            }>;
+            options: {
+                method: "POST";
+                body: z.ZodObject<{
+                    message: z.ZodString;
+                    signature: z.ZodString;
+                    walletAddress: z.ZodString;
+                    chainId: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+                    email: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>;
+                requireRequest: true;
+            } & {
+                use: any[];
+            };
+            path: "/siwe/verify";
+        };
+    };
+};
+
+export { siwe };
+export type { SIWEPluginOptions };

package/dist/plugins/siwe/index.mjs

@@ -0,0 +1,295 @@
+import { APIError } from 'better-call';
+import { j as createAuthEndpoint } from '../../shared/better-auth.D4HhkCZJ.mjs';
+import 'zod/v4';
+import { setSessionCookie } from '../../cookies/index.mjs';
+import '../../shared/better-auth.n2KFGwjY.mjs';
+import '../../shared/better-auth.8zoxzg-F.mjs';
+import '../../shared/better-auth.DBGfIDnh.mjs';
+import 'defu';
+import { z } from 'zod';
+import { g as getOrigin } from '../../shared/better-auth.VTXNLFMT.mjs';
+import { keccak_256 } from '@noble/hashes/sha3';
+import '../../shared/better-auth.CW6D9eSx.mjs';
+import '@better-auth/utils/hash';
+import '@better-auth/utils/base64';
+import '../../crypto/index.mjs';
+import '@noble/ciphers/chacha';
+import '@noble/ciphers/utils';
+import '@noble/ciphers/webcrypto';
+import 'jose';
+import '@noble/hashes/scrypt';
+import '@better-auth/utils';
+import '@better-auth/utils/hex';
+import '@noble/hashes/utils';
+import '../../shared/better-auth.B4Qoxdgc.mjs';
+import '@better-auth/utils/random';
+import '@better-fetch/fetch';
+import '../../shared/better-auth.tB5eU6EY.mjs';
+import '@better-auth/utils/hmac';
+import '@better-auth/utils/binary';
+import 'jose/errors';
+import '../../shared/better-auth.DdzSJf-n.mjs';
+
+const schema = {
+  walletAddress: {
+    fields: {
+      userId: {
+        type: "string",
+        references: {
+          model: "user",
+          field: "id"
+        },
+        required: true
+      },
+      address: {
+        type: "string",
+        required: true
+      },
+      chainId: {
+        type: "number",
+        required: true
+      },
+      isPrimary: {
+        type: "boolean",
+        defaultValue: false
+      },
+      createdAt: {
+        type: "date",
+        required: true
+      }
+    }
+  }
+};
+
+function toChecksumAddress(address) {
+  address = address.toLowerCase().replace("0x", "");
+  const hash = [...keccak_256(address)].map((v) => v.toString(16).padStart(2, "0")).join("");
+  let ret = "0x";
+  for (let i = 0; i < 40; i++) {
+    if (parseInt(hash[i], 16) >= 8) {
+      ret += address[i].toUpperCase();
+    } else {
+      ret += address[i];
+    }
+  }
+  return ret;
+}
+
+const siwe = (options) => ({
+  id: "siwe",
+  schema,
+  endpoints: {
+    getSiweNonce: createAuthEndpoint(
+      "/siwe/nonce",
+      {
+        method: "POST",
+        body: z.object({
+          walletAddress: z.string().regex(/^0[xX][a-fA-F0-9]{40}$/i).length(42),
+          chainId: z.number().int().positive().max(2147483647).optional().default(1)
+          // Default to Ethereum mainnet
+        })
+      },
+      async (ctx) => {
+        const { walletAddress: rawWalletAddress, chainId } = ctx.body;
+        const walletAddress = toChecksumAddress(rawWalletAddress);
+        const nonce = await options.getNonce();
+        await ctx.context.internalAdapter.createVerificationValue({
+          identifier: `siwe:${walletAddress}:${chainId}`,
+          value: nonce,
+          expiresAt: new Date(Date.now() + 15 * 60 * 1e3)
+        });
+        return ctx.json({ nonce });
+      }
+    ),
+    verifySiweMessage: createAuthEndpoint(
+      "/siwe/verify",
+      {
+        method: "POST",
+        body: z.object({
+          message: z.string().min(1),
+          signature: z.string().min(1),
+          walletAddress: z.string().regex(/^0[xX][a-fA-F0-9]{40}$/i).length(42),
+          chainId: z.number().int().positive().max(2147483647).optional().default(1),
+          email: z.string().email().optional()
+        }).refine((data) => options.anonymous !== false || !!data.email, {
+          message: "Email is required when the anonymous plugin option is disabled.",
+          path: ["email"]
+        }),
+        requireRequest: true
+      },
+      async (ctx) => {
+        const {
+          message,
+          signature,
+          walletAddress: rawWalletAddress,
+          chainId,
+          email
+        } = ctx.body;
+        const walletAddress = toChecksumAddress(rawWalletAddress);
+        const isAnon = options.anonymous ?? true;
+        if (!isAnon && !email) {
+          throw new APIError("BAD_REQUEST", {
+            message: "Email is required when anonymous is disabled.",
+            status: 400
+          });
+        }
+        try {
+          const verification = await ctx.context.internalAdapter.findVerificationValue(
+            `siwe:${walletAddress}:${chainId}`
+          );
+          if (!verification || /* @__PURE__ */ new Date() > verification.expiresAt) {
+            throw new APIError("UNAUTHORIZED", {
+              message: "Unauthorized: Invalid or expired nonce",
+              status: 401,
+              code: "UNAUTHORIZED_INVALID_OR_EXPIRED_NONCE"
+            });
+          }
+          const { value: nonce } = verification;
+          const verified = await options.verifyMessage({
+            message,
+            signature,
+            address: walletAddress,
+            chainId,
+            cacao: {
+              h: { t: "caip122" },
+              p: {
+                domain: options.domain,
+                aud: options.domain,
+                nonce,
+                iss: options.domain,
+                version: "1"
+              },
+              s: { t: "eip191", s: signature }
+            }
+          });
+          if (!verified) {
+            throw new APIError("UNAUTHORIZED", {
+              message: "Unauthorized: Invalid SIWE signature",
+              status: 401
+            });
+          }
+          await ctx.context.internalAdapter.deleteVerificationValue(
+            verification.id
+          );
+          let user = null;
+          const existingWalletAddress = await ctx.context.adapter.findOne({
+            model: "walletAddress",
+            where: [
+              { field: "address", operator: "eq", value: walletAddress },
+              { field: "chainId", operator: "eq", value: chainId }
+            ]
+          });
+          if (existingWalletAddress) {
+            user = await ctx.context.adapter.findOne({
+              model: "user",
+              where: [
+                {
+                  field: "id",
+                  operator: "eq",
+                  value: existingWalletAddress.userId
+                }
+              ]
+            });
+          } else {
+            const anyWalletAddress = await ctx.context.adapter.findOne({
+              model: "walletAddress",
+              where: [
+                { field: "address", operator: "eq", value: walletAddress }
+              ]
+            });
+            if (anyWalletAddress) {
+              user = await ctx.context.adapter.findOne({
+                model: "user",
+                where: [
+                  {
+                    field: "id",
+                    operator: "eq",
+                    value: anyWalletAddress.userId
+                  }
+                ]
+              });
+            }
+          }
+          if (!user) {
+            const domain = options.emailDomainName ?? getOrigin(ctx.context.baseURL);
+            const userEmail = !isAnon && email ? email : `${walletAddress}@${domain}`;
+            const { name, avatar } = await options.ensLookup?.({ walletAddress }) ?? {};
+            user = await ctx.context.internalAdapter.createUser({
+              name: name ?? walletAddress,
+              email: userEmail,
+              image: avatar ?? ""
+            });
+            await ctx.context.adapter.create({
+              model: "walletAddress",
+              data: {
+                userId: user.id,
+                address: walletAddress,
+                chainId,
+                isPrimary: true,
+                // First address is primary
+                createdAt: /* @__PURE__ */ new Date()
+              }
+            });
+            await ctx.context.internalAdapter.createAccount({
+              userId: user.id,
+              providerId: "siwe",
+              accountId: `${walletAddress}:${chainId}`,
+              createdAt: /* @__PURE__ */ new Date(),
+              updatedAt: /* @__PURE__ */ new Date()
+            });
+          } else {
+            if (!existingWalletAddress) {
+              await ctx.context.adapter.create({
+                model: "walletAddress",
+                data: {
+                  userId: user.id,
+                  address: walletAddress,
+                  chainId,
+                  isPrimary: false,
+                  // Additional addresses are not primary by default
+                  createdAt: /* @__PURE__ */ new Date()
+                }
+              });
+              await ctx.context.internalAdapter.createAccount({
+                userId: user.id,
+                providerId: "siwe",
+                accountId: `${walletAddress}:${chainId}`,
+                createdAt: /* @__PURE__ */ new Date(),
+                updatedAt: /* @__PURE__ */ new Date()
+              });
+            }
+          }
+          const session = await ctx.context.internalAdapter.createSession(
+            user.id,
+            ctx
+          );
+          if (!session) {
+            throw new APIError("INTERNAL_SERVER_ERROR", {
+              message: "Internal Server Error",
+              status: 500
+            });
+          }
+          await setSessionCookie(ctx, { session, user });
+          return ctx.json({
+            token: session.token,
+            success: true,
+            user: {
+              id: user.id,
+              walletAddress,
+              chainId
+            }
+          });
+        } catch (error) {
+          if (error instanceof APIError) throw error;
+          throw new APIError("UNAUTHORIZED", {
+            message: "Something went wrong. Please try again later.",
+            error: error instanceof Error ? error.message : "Unknown error",
+            status: 401
+          });
+        }
+      }
+    )
+  }
+});
+
+export { siwe };

package/dist/plugins/sso/index.cjs

@@ -2,7 +2,7 @@
 
 const z = require('zod/v4');
 const betterCall = require('better-call');
-const socialProviders_index = require('../../shared/better-auth.DG2FJeYI.cjs');
+const socialProviders_index = require('../../shared/better-auth.CU2ZnFFo.cjs');
 const cookies_index = require('../../cookies/index.cjs');
 require('../../shared/better-auth.BIMq4RPW.cjs');
 require('../../shared/better-auth.DiSjtgs9.cjs');