better-auth 1.4.18 → 1.4.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/drizzle-adapter/drizzle-adapter.mjs +37 -5
- package/dist/adapters/drizzle-adapter/drizzle-adapter.mjs.map +1 -1
- package/dist/adapters/kysely-adapter/kysely-adapter.mjs +13 -3
- package/dist/adapters/kysely-adapter/kysely-adapter.mjs.map +1 -1
- package/dist/adapters/memory-adapter/memory-adapter.mjs +21 -17
- package/dist/adapters/memory-adapter/memory-adapter.mjs.map +1 -1
- package/dist/adapters/mongodb-adapter/mongodb-adapter.mjs +12 -1
- package/dist/adapters/mongodb-adapter/mongodb-adapter.mjs.map +1 -1
- package/dist/adapters/prisma-adapter/prisma-adapter.mjs +2 -2
- package/dist/adapters/prisma-adapter/prisma-adapter.mjs.map +1 -1
- package/dist/api/index.d.mts +407 -407
- package/dist/api/routes/account.d.mts +11 -11
- package/dist/api/routes/account.mjs +1 -1
- package/dist/api/routes/account.mjs.map +1 -1
- package/dist/api/routes/callback.d.mts +2 -2
- package/dist/api/routes/callback.mjs +1 -1
- package/dist/api/routes/callback.mjs.map +1 -1
- package/dist/api/routes/email-verification.d.mts +4 -4
- package/dist/api/routes/email-verification.mjs +1 -1
- package/dist/api/routes/email-verification.mjs.map +1 -1
- package/dist/api/routes/error.d.mts +2 -2
- package/dist/api/routes/ok.d.mts +2 -2
- package/dist/api/routes/password.d.mts +7 -7
- package/dist/api/routes/session.d.mts +14 -14
- package/dist/api/routes/sign-in.d.mts +4 -4
- package/dist/api/routes/sign-out.d.mts +2 -2
- package/dist/api/routes/sign-up.d.mts +3 -3
- package/dist/api/routes/update-user.d.mts +13 -13
- package/dist/api/routes/update-user.mjs +1 -1
- package/dist/api/routes/update-user.mjs.map +1 -1
- package/dist/client/react/index.d.mts +13 -13
- package/dist/client/svelte/index.d.mts +15 -15
- package/dist/client/vanilla.d.mts +15 -15
- package/dist/client/vue/index.d.mts +15 -15
- package/dist/context/create-context.mjs +1 -1
- package/dist/context/create-context.mjs.map +1 -1
- package/dist/cookies/index.d.mts +6 -6
- package/dist/cookies/index.mjs +5 -8
- package/dist/cookies/index.mjs.map +1 -1
- package/dist/db/field.d.mts +10 -10
- package/dist/db/field.mjs.map +1 -1
- package/dist/db/internal-adapter.mjs +1 -1
- package/dist/db/internal-adapter.mjs.map +1 -1
- package/dist/integrations/next-js.d.mts +4 -4
- package/dist/integrations/svelte-kit.d.mts +2 -2
- package/dist/integrations/tanstack-start-solid.d.mts +4 -4
- package/dist/integrations/tanstack-start.d.mts +4 -4
- package/dist/plugins/access/types.d.mts +1 -1
- package/dist/plugins/admin/admin.d.mts +114 -119
- package/dist/plugins/admin/admin.mjs +1 -1
- package/dist/plugins/admin/admin.mjs.map +1 -1
- package/dist/plugins/admin/routes.mjs +1 -1
- package/dist/plugins/admin/routes.mjs.map +1 -1
- package/dist/plugins/anonymous/index.d.mts +7 -7
- package/dist/plugins/api-key/index.d.mts +95 -80
- package/dist/plugins/api-key/routes/verify-api-key.mjs +1 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -1
- package/dist/plugins/bearer/index.d.mts +6 -6
- package/dist/plugins/captcha/index.d.mts +2 -2
- package/dist/plugins/custom-session/index.d.mts +5 -5
- package/dist/plugins/custom-session/index.mjs +13 -5
- package/dist/plugins/custom-session/index.mjs.map +1 -1
- package/dist/plugins/device-authorization/index.d.mts +6 -6
- package/dist/plugins/email-otp/index.d.mts +16 -16
- package/dist/plugins/email-otp/routes.mjs +1 -1
- package/dist/plugins/email-otp/routes.mjs.map +1 -1
- package/dist/plugins/generic-oauth/error-codes.mjs +3 -1
- package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -1
- package/dist/plugins/generic-oauth/index.d.mts +32 -29
- package/dist/plugins/generic-oauth/index.mjs +8 -0
- package/dist/plugins/generic-oauth/index.mjs.map +1 -1
- package/dist/plugins/generic-oauth/routes.mjs +19 -2
- package/dist/plugins/generic-oauth/routes.mjs.map +1 -1
- package/dist/plugins/generic-oauth/types.d.mts +14 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +3 -3
- package/dist/plugins/jwt/client.d.mts +2 -2
- package/dist/plugins/jwt/index.d.mts +9 -9
- package/dist/plugins/last-login-method/index.d.mts +4 -4
- package/dist/plugins/magic-link/index.d.mts +4 -4
- package/dist/plugins/mcp/authorize.mjs +1 -1
- package/dist/plugins/mcp/authorize.mjs.map +1 -1
- package/dist/plugins/mcp/index.d.mts +10 -10
- package/dist/plugins/multi-session/index.d.mts +9 -9
- package/dist/plugins/oauth-proxy/index.d.mts +8 -8
- package/dist/plugins/oidc-provider/authorize.mjs +1 -1
- package/dist/plugins/oidc-provider/authorize.mjs.map +1 -1
- package/dist/plugins/oidc-provider/index.d.mts +15 -15
- package/dist/plugins/one-tap/client.d.mts +5 -5
- package/dist/plugins/one-tap/index.d.mts +2 -2
- package/dist/plugins/one-time-token/index.d.mts +5 -5
- package/dist/plugins/open-api/index.d.mts +3 -3
- package/dist/plugins/organization/client.d.mts +9 -9
- package/dist/plugins/organization/error-codes.d.mts +1 -0
- package/dist/plugins/organization/error-codes.mjs +2 -1
- package/dist/plugins/organization/error-codes.mjs.map +1 -1
- package/dist/plugins/organization/organization.d.mts +4 -4
- package/dist/plugins/organization/routes/crud-access-control.d.mts +22 -22
- package/dist/plugins/organization/routes/crud-access-control.mjs +22 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -1
- package/dist/plugins/organization/routes/crud-invites.d.mts +70 -70
- package/dist/plugins/organization/routes/crud-invites.mjs +0 -4
- package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -1
- package/dist/plugins/organization/routes/crud-members.d.mts +67 -67
- package/dist/plugins/organization/routes/crud-org.d.mts +59 -59
- package/dist/plugins/organization/routes/crud-team.d.mts +79 -79
- package/dist/plugins/phone-number/index.d.mts +33 -33
- package/dist/plugins/phone-number/routes.mjs +6 -2
- package/dist/plugins/phone-number/routes.mjs.map +1 -1
- package/dist/plugins/siwe/index.d.mts +3 -3
- package/dist/plugins/two-factor/backup-codes/index.d.mts +5 -5
- package/dist/plugins/two-factor/client.d.mts +2 -2
- package/dist/plugins/two-factor/index.d.mts +18 -18
- package/dist/plugins/two-factor/otp/index.d.mts +3 -3
- package/dist/plugins/two-factor/totp/index.d.mts +5 -5
- package/dist/plugins/username/index.d.mts +12 -12
- package/dist/plugins/username/schema.d.mts +3 -3
- package/dist/test-utils/test-instance.d.mts +1242 -1242
- package/package.json +3 -3
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
import { ApiKey, ApiKeyOptions } from "./types.mjs";
|
|
2
|
-
import * as
|
|
3
|
-
import * as
|
|
2
|
+
import * as _better_auth_core22 from "@better-auth/core";
|
|
3
|
+
import * as _better_auth_core_db3 from "@better-auth/core/db";
|
|
4
4
|
import * as _better_auth_core_env0 from "@better-auth/core/env";
|
|
5
|
-
import * as
|
|
6
|
-
import * as
|
|
7
|
-
import * as
|
|
8
|
-
import * as
|
|
9
|
-
import * as
|
|
5
|
+
import * as _better_auth_core_oauth22 from "@better-auth/core/oauth2";
|
|
6
|
+
import * as _better_auth_core_db_adapter0 from "@better-auth/core/db/adapter";
|
|
7
|
+
import * as better_call267 from "better-call";
|
|
8
|
+
import * as zod530 from "zod";
|
|
9
|
+
import * as zod_v4_core78 from "zod/v4/core";
|
|
10
10
|
|
|
11
11
|
//#region src/plugins/api-key/index.d.ts
|
|
12
12
|
declare const defaultKeyHasher: (key: string) => Promise<string>;
|
|
@@ -69,8 +69,8 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
69
69
|
};
|
|
70
70
|
hooks: {
|
|
71
71
|
before: {
|
|
72
|
-
matcher: (ctx:
|
|
73
|
-
handler: (inputContext:
|
|
72
|
+
matcher: (ctx: _better_auth_core22.HookEndpointContext) => boolean;
|
|
73
|
+
handler: (inputContext: better_call267.MiddlewareInputContext<better_call267.MiddlewareOptions>) => Promise<{
|
|
74
74
|
user: {
|
|
75
75
|
id: string;
|
|
76
76
|
createdAt: Date;
|
|
@@ -91,11 +91,11 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
91
91
|
expiresAt: Date;
|
|
92
92
|
};
|
|
93
93
|
} | {
|
|
94
|
-
context:
|
|
94
|
+
context: better_call267.MiddlewareContext<better_call267.MiddlewareOptions, {
|
|
95
95
|
returned?: unknown | undefined;
|
|
96
96
|
responseHeaders?: Headers | undefined;
|
|
97
|
-
} &
|
|
98
|
-
options:
|
|
97
|
+
} & _better_auth_core22.PluginContext & _better_auth_core22.InfoContext & {
|
|
98
|
+
options: _better_auth_core22.BetterAuthOptions;
|
|
99
99
|
appName: string;
|
|
100
100
|
baseURL: string;
|
|
101
101
|
trustedOrigins: string[];
|
|
@@ -107,29 +107,29 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
107
107
|
storeStateStrategy: "database" | "cookie";
|
|
108
108
|
};
|
|
109
109
|
newSession: {
|
|
110
|
-
session:
|
|
111
|
-
user:
|
|
110
|
+
session: _better_auth_core_db3.Session & Record<string, any>;
|
|
111
|
+
user: _better_auth_core_db3.User & Record<string, any>;
|
|
112
112
|
} | null;
|
|
113
113
|
session: {
|
|
114
|
-
session:
|
|
115
|
-
user:
|
|
114
|
+
session: _better_auth_core_db3.Session & Record<string, any>;
|
|
115
|
+
user: _better_auth_core_db3.User & Record<string, any>;
|
|
116
116
|
} | null;
|
|
117
117
|
setNewSession: (session: {
|
|
118
|
-
session:
|
|
119
|
-
user:
|
|
118
|
+
session: _better_auth_core_db3.Session & Record<string, any>;
|
|
119
|
+
user: _better_auth_core_db3.User & Record<string, any>;
|
|
120
120
|
} | null) => void;
|
|
121
|
-
socialProviders:
|
|
122
|
-
authCookies:
|
|
121
|
+
socialProviders: _better_auth_core_oauth22.OAuthProvider[];
|
|
122
|
+
authCookies: _better_auth_core22.BetterAuthCookies;
|
|
123
123
|
logger: ReturnType<typeof _better_auth_core_env0.createLogger>;
|
|
124
124
|
rateLimit: {
|
|
125
125
|
enabled: boolean;
|
|
126
126
|
window: number;
|
|
127
127
|
max: number;
|
|
128
128
|
storage: "memory" | "database" | "secondary-storage";
|
|
129
|
-
} & Omit<
|
|
130
|
-
adapter:
|
|
131
|
-
internalAdapter:
|
|
132
|
-
createAuthCookie: (cookieName: string, overrideAttributes?: Partial<
|
|
129
|
+
} & Omit<_better_auth_core22.BetterAuthRateLimitOptions, "enabled" | "window" | "max" | "storage">;
|
|
130
|
+
adapter: _better_auth_core_db_adapter0.DBAdapter<_better_auth_core22.BetterAuthOptions>;
|
|
131
|
+
internalAdapter: _better_auth_core22.InternalAdapter<_better_auth_core22.BetterAuthOptions>;
|
|
132
|
+
createAuthCookie: (cookieName: string, overrideAttributes?: Partial<better_call267.CookieOptions> | undefined) => _better_auth_core22.BetterAuthCookie;
|
|
133
133
|
secret: string;
|
|
134
134
|
sessionConfig: {
|
|
135
135
|
updateAge: number;
|
|
@@ -141,10 +141,10 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
141
141
|
};
|
|
142
142
|
};
|
|
143
143
|
generateId: (options: {
|
|
144
|
-
model:
|
|
144
|
+
model: _better_auth_core_db3.ModelNames;
|
|
145
145
|
size?: number | undefined;
|
|
146
146
|
}) => string | false;
|
|
147
|
-
secondaryStorage:
|
|
147
|
+
secondaryStorage: _better_auth_core_db3.SecondaryStorage | undefined;
|
|
148
148
|
password: {
|
|
149
149
|
hash: (password: string) => Promise<string>;
|
|
150
150
|
verify: (data: {
|
|
@@ -155,9 +155,9 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
155
155
|
minPasswordLength: number;
|
|
156
156
|
maxPasswordLength: number;
|
|
157
157
|
};
|
|
158
|
-
checkPassword: (userId: string, ctx:
|
|
158
|
+
checkPassword: (userId: string, ctx: _better_auth_core22.GenericEndpointContext<_better_auth_core22.BetterAuthOptions>) => Promise<boolean>;
|
|
159
159
|
};
|
|
160
|
-
tables:
|
|
160
|
+
tables: _better_auth_core_db3.BetterAuthDBSchema;
|
|
161
161
|
runMigrations: () => Promise<void>;
|
|
162
162
|
publishTelemetry: (event: {
|
|
163
163
|
type: string;
|
|
@@ -167,7 +167,7 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
167
167
|
skipOriginCheck: boolean | string[];
|
|
168
168
|
skipCSRFCheck: boolean;
|
|
169
169
|
runInBackground: (promise: Promise<unknown>) => void;
|
|
170
|
-
runInBackgroundOrAwait: (promise: Promise<unknown> | void) =>
|
|
170
|
+
runInBackgroundOrAwait: (promise: Promise<unknown> | void) => _better_auth_core22.Awaitable<unknown>;
|
|
171
171
|
}>;
|
|
172
172
|
}>;
|
|
173
173
|
}[];
|
|
@@ -188,22 +188,22 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
188
188
|
*
|
|
189
189
|
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/api-key#api-method-api-key-create)
|
|
190
190
|
*/
|
|
191
|
-
createApiKey:
|
|
191
|
+
createApiKey: better_call267.StrictEndpoint<"/api-key/create", {
|
|
192
192
|
method: "POST";
|
|
193
|
-
body:
|
|
194
|
-
name:
|
|
195
|
-
expiresIn:
|
|
196
|
-
userId:
|
|
197
|
-
prefix:
|
|
198
|
-
remaining:
|
|
199
|
-
metadata:
|
|
200
|
-
refillAmount:
|
|
201
|
-
refillInterval:
|
|
202
|
-
rateLimitTimeWindow:
|
|
203
|
-
rateLimitMax:
|
|
204
|
-
rateLimitEnabled:
|
|
205
|
-
permissions:
|
|
206
|
-
},
|
|
193
|
+
body: zod530.ZodObject<{
|
|
194
|
+
name: zod530.ZodOptional<zod530.ZodString>;
|
|
195
|
+
expiresIn: zod530.ZodDefault<zod530.ZodNullable<zod530.ZodOptional<zod530.ZodNumber>>>;
|
|
196
|
+
userId: zod530.ZodOptional<zod530.ZodCoercedString<unknown>>;
|
|
197
|
+
prefix: zod530.ZodOptional<zod530.ZodString>;
|
|
198
|
+
remaining: zod530.ZodDefault<zod530.ZodNullable<zod530.ZodOptional<zod530.ZodNumber>>>;
|
|
199
|
+
metadata: zod530.ZodOptional<zod530.ZodAny>;
|
|
200
|
+
refillAmount: zod530.ZodOptional<zod530.ZodNumber>;
|
|
201
|
+
refillInterval: zod530.ZodOptional<zod530.ZodNumber>;
|
|
202
|
+
rateLimitTimeWindow: zod530.ZodOptional<zod530.ZodNumber>;
|
|
203
|
+
rateLimitMax: zod530.ZodOptional<zod530.ZodNumber>;
|
|
204
|
+
rateLimitEnabled: zod530.ZodOptional<zod530.ZodBoolean>;
|
|
205
|
+
permissions: zod530.ZodOptional<zod530.ZodRecord<zod530.ZodString, zod530.ZodArray<zod530.ZodString>>>;
|
|
206
|
+
}, zod_v4_core78.$strip>;
|
|
207
207
|
metadata: {
|
|
208
208
|
openapi: {
|
|
209
209
|
description: string;
|
|
@@ -368,17 +368,32 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
368
368
|
*
|
|
369
369
|
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/api-key#api-method-api-key-verify)
|
|
370
370
|
*/
|
|
371
|
-
verifyApiKey:
|
|
371
|
+
verifyApiKey: better_call267.StrictEndpoint<string, {
|
|
372
372
|
method: "POST";
|
|
373
|
-
body:
|
|
374
|
-
key:
|
|
375
|
-
permissions:
|
|
376
|
-
},
|
|
373
|
+
body: zod530.ZodObject<{
|
|
374
|
+
key: zod530.ZodString;
|
|
375
|
+
permissions: zod530.ZodOptional<zod530.ZodRecord<zod530.ZodString, zod530.ZodArray<zod530.ZodString>>>;
|
|
376
|
+
}, zod_v4_core78.$strip>;
|
|
377
377
|
}, {
|
|
378
|
+
valid: boolean;
|
|
379
|
+
error: {
|
|
380
|
+
message: "Invalid API key.";
|
|
381
|
+
code: "KEY_NOT_FOUND";
|
|
382
|
+
};
|
|
383
|
+
key: null;
|
|
384
|
+
} | {
|
|
378
385
|
valid: boolean;
|
|
379
386
|
error: {
|
|
380
387
|
message: string | undefined;
|
|
381
388
|
code: string;
|
|
389
|
+
cause?: unknown;
|
|
390
|
+
};
|
|
391
|
+
key: null;
|
|
392
|
+
} | {
|
|
393
|
+
valid: boolean;
|
|
394
|
+
error: {
|
|
395
|
+
message: "Invalid API key.";
|
|
396
|
+
code: "INVALID_API_KEY";
|
|
382
397
|
};
|
|
383
398
|
key: null;
|
|
384
399
|
} | {
|
|
@@ -401,12 +416,12 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
401
416
|
*
|
|
402
417
|
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/api-key#api-method-api-key-get)
|
|
403
418
|
*/
|
|
404
|
-
getApiKey:
|
|
419
|
+
getApiKey: better_call267.StrictEndpoint<"/api-key/get", {
|
|
405
420
|
method: "GET";
|
|
406
|
-
query:
|
|
407
|
-
id:
|
|
408
|
-
},
|
|
409
|
-
use: ((inputContext:
|
|
421
|
+
query: zod530.ZodObject<{
|
|
422
|
+
id: zod530.ZodString;
|
|
423
|
+
}, zod_v4_core78.$strip>;
|
|
424
|
+
use: ((inputContext: better_call267.MiddlewareInputContext<better_call267.MiddlewareOptions>) => Promise<{
|
|
410
425
|
session: {
|
|
411
426
|
session: Record<string, any> & {
|
|
412
427
|
id: string;
|
|
@@ -588,23 +603,23 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
588
603
|
*
|
|
589
604
|
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/api-key#api-method-api-key-update)
|
|
590
605
|
*/
|
|
591
|
-
updateApiKey:
|
|
606
|
+
updateApiKey: better_call267.StrictEndpoint<"/api-key/update", {
|
|
592
607
|
method: "POST";
|
|
593
|
-
body:
|
|
594
|
-
keyId:
|
|
595
|
-
userId:
|
|
596
|
-
name:
|
|
597
|
-
enabled:
|
|
598
|
-
remaining:
|
|
599
|
-
refillAmount:
|
|
600
|
-
refillInterval:
|
|
601
|
-
metadata:
|
|
602
|
-
expiresIn:
|
|
603
|
-
rateLimitEnabled:
|
|
604
|
-
rateLimitTimeWindow:
|
|
605
|
-
rateLimitMax:
|
|
606
|
-
permissions:
|
|
607
|
-
},
|
|
608
|
+
body: zod530.ZodObject<{
|
|
609
|
+
keyId: zod530.ZodString;
|
|
610
|
+
userId: zod530.ZodOptional<zod530.ZodCoercedString<unknown>>;
|
|
611
|
+
name: zod530.ZodOptional<zod530.ZodString>;
|
|
612
|
+
enabled: zod530.ZodOptional<zod530.ZodBoolean>;
|
|
613
|
+
remaining: zod530.ZodOptional<zod530.ZodNumber>;
|
|
614
|
+
refillAmount: zod530.ZodOptional<zod530.ZodNumber>;
|
|
615
|
+
refillInterval: zod530.ZodOptional<zod530.ZodNumber>;
|
|
616
|
+
metadata: zod530.ZodOptional<zod530.ZodAny>;
|
|
617
|
+
expiresIn: zod530.ZodNullable<zod530.ZodOptional<zod530.ZodNumber>>;
|
|
618
|
+
rateLimitEnabled: zod530.ZodOptional<zod530.ZodBoolean>;
|
|
619
|
+
rateLimitTimeWindow: zod530.ZodOptional<zod530.ZodNumber>;
|
|
620
|
+
rateLimitMax: zod530.ZodOptional<zod530.ZodNumber>;
|
|
621
|
+
permissions: zod530.ZodNullable<zod530.ZodOptional<zod530.ZodRecord<zod530.ZodString, zod530.ZodArray<zod530.ZodString>>>>;
|
|
622
|
+
}, zod_v4_core78.$strip>;
|
|
608
623
|
metadata: {
|
|
609
624
|
openapi: {
|
|
610
625
|
description: string;
|
|
@@ -764,12 +779,12 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
764
779
|
*
|
|
765
780
|
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/api-key#api-method-api-key-delete)
|
|
766
781
|
*/
|
|
767
|
-
deleteApiKey:
|
|
782
|
+
deleteApiKey: better_call267.StrictEndpoint<"/api-key/delete", {
|
|
768
783
|
method: "POST";
|
|
769
|
-
body:
|
|
770
|
-
keyId:
|
|
771
|
-
},
|
|
772
|
-
use: ((inputContext:
|
|
784
|
+
body: zod530.ZodObject<{
|
|
785
|
+
keyId: zod530.ZodString;
|
|
786
|
+
}, zod_v4_core78.$strip>;
|
|
787
|
+
use: ((inputContext: better_call267.MiddlewareInputContext<better_call267.MiddlewareOptions>) => Promise<{
|
|
773
788
|
session: {
|
|
774
789
|
session: Record<string, any> & {
|
|
775
790
|
id: string;
|
|
@@ -850,9 +865,9 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
850
865
|
*
|
|
851
866
|
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/api-key#api-method-api-key-list)
|
|
852
867
|
*/
|
|
853
|
-
listApiKeys:
|
|
868
|
+
listApiKeys: better_call267.StrictEndpoint<"/api-key/list", {
|
|
854
869
|
method: "GET";
|
|
855
|
-
use: ((inputContext:
|
|
870
|
+
use: ((inputContext: better_call267.MiddlewareInputContext<better_call267.MiddlewareOptions>) => Promise<{
|
|
856
871
|
session: {
|
|
857
872
|
session: Record<string, any> & {
|
|
858
873
|
id: string;
|
|
@@ -1034,7 +1049,7 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
1034
1049
|
*
|
|
1035
1050
|
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/api-key#api-method-api-key-delete-all-expired-api-keys)
|
|
1036
1051
|
*/
|
|
1037
|
-
deleteAllExpiredApiKeys:
|
|
1052
|
+
deleteAllExpiredApiKeys: better_call267.StrictEndpoint<string, {
|
|
1038
1053
|
method: "POST";
|
|
1039
1054
|
}, {
|
|
1040
1055
|
success: boolean;
|
|
@@ -1156,8 +1171,8 @@ declare const apiKey: (options?: ApiKeyOptions | undefined) => {
|
|
|
1156
1171
|
required: false;
|
|
1157
1172
|
input: true;
|
|
1158
1173
|
transform: {
|
|
1159
|
-
input(value:
|
|
1160
|
-
output(value:
|
|
1174
|
+
input(value: _better_auth_core_db3.DBPrimitive): string;
|
|
1175
|
+
output(value: _better_auth_core_db3.DBPrimitive): any;
|
|
1161
1176
|
};
|
|
1162
1177
|
};
|
|
1163
1178
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-api-key.mjs","names":["updated: ApiKey","newApiKey: ApiKey | null","apiKey: ApiKey | null","migratedMetadata: Record<string, any> | null"],"sources":["../../../../src/plugins/api-key/routes/verify-api-key.ts"],"sourcesContent":["import type { AuthContext, GenericEndpointContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { safeJSONParse } from \"@better-auth/core/utils\";\nimport * as z from \"zod\";\nimport { APIError } from \"../../../api\";\nimport { role } from \"../../access\";\nimport { API_KEY_TABLE_NAME, ERROR_CODES } from \"..\";\nimport { defaultKeyHasher } from \"../\";\nimport {\n\tdeleteApiKey,\n\tgetApiKey,\n\tmigrateDoubleStringifiedMetadata,\n\tsetApiKey,\n} from \"../adapter\";\nimport { isRateLimited } from \"../rate-limit\";\nimport type { apiKeySchema } from \"../schema\";\nimport type { ApiKey } from \"../types\";\nimport type { PredefinedApiKeyOptions } from \".\";\n\nexport async function validateApiKey({\n\thashedKey,\n\tctx,\n\topts,\n\tschema,\n\tpermissions,\n}: {\n\thashedKey: string;\n\topts: PredefinedApiKeyOptions;\n\tschema: ReturnType<typeof apiKeySchema>;\n\tpermissions?: Record<string, string[]> | undefined;\n\tctx: GenericEndpointContext;\n}) {\n\tconst apiKey = await getApiKey(ctx, hashedKey, opts);\n\n\tif (!apiKey) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: ERROR_CODES.INVALID_API_KEY,\n\t\t});\n\t}\n\n\tif (apiKey.enabled === false) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: ERROR_CODES.KEY_DISABLED,\n\t\t\tcode: \"KEY_DISABLED\" as const,\n\t\t});\n\t}\n\n\tif (apiKey.expiresAt) {\n\t\tconst now = Date.now();\n\t\tconst expiresAt = new Date(apiKey.expiresAt).getTime();\n\t\tif (now > expiresAt) {\n\t\t\tconst deleteExpiredKey = async () => {\n\t\t\t\tif (opts.storage === \"secondary-storage\" && opts.fallbackToDatabase) {\n\t\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t\t});\n\t\t\t\t} else if (opts.storage === \"secondary-storage\") {\n\t\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\t} else {\n\t\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t};\n\n\t\t\tif (opts.deferUpdates) {\n\t\t\t\tctx.context.runInBackground(\n\t\t\t\t\tdeleteExpiredKey().catch((error) => {\n\t\t\t\t\t\tctx.context.logger.error(\"Deferred update failed:\", error);\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t} else {\n\t\t\t\tawait deleteExpiredKey();\n\t\t\t}\n\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: ERROR_CODES.KEY_EXPIRED,\n\t\t\t\tcode: \"KEY_EXPIRED\" as const,\n\t\t\t});\n\t\t}\n\t}\n\n\tif (permissions) {\n\t\tconst apiKeyPermissions = apiKey.permissions\n\t\t\t? safeJSONParse<{\n\t\t\t\t\t[key: string]: string[];\n\t\t\t\t}>(apiKey.permissions)\n\t\t\t: null;\n\n\t\tif (!apiKeyPermissions) {\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: ERROR_CODES.KEY_NOT_FOUND,\n\t\t\t\tcode: \"KEY_NOT_FOUND\" as const,\n\t\t\t});\n\t\t}\n\t\tconst r = role(apiKeyPermissions as any);\n\t\tconst result = r.authorize(permissions);\n\t\tif (!result.success) {\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: ERROR_CODES.KEY_NOT_FOUND,\n\t\t\t\tcode: \"KEY_NOT_FOUND\" as const,\n\t\t\t});\n\t\t}\n\t}\n\n\tlet remaining = apiKey.remaining;\n\tlet lastRefillAt = apiKey.lastRefillAt;\n\n\tif (apiKey.remaining === 0 && apiKey.refillAmount === null) {\n\t\tconst deleteExhaustedKey = async () => {\n\t\t\tif (opts.storage === \"secondary-storage\" && opts.fallbackToDatabase) {\n\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t});\n\t\t\t} else if (opts.storage === \"secondary-storage\") {\n\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t} else {\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t});\n\t\t\t}\n\t\t};\n\n\t\tif (opts.deferUpdates) {\n\t\t\tctx.context.runInBackground(\n\t\t\t\tdeleteExhaustedKey().catch((error) => {\n\t\t\t\t\tctx.context.logger.error(\"Deferred update failed:\", error);\n\t\t\t\t}),\n\t\t\t);\n\t\t} else {\n\t\t\tawait deleteExhaustedKey();\n\t\t}\n\n\t\tthrow new APIError(\"TOO_MANY_REQUESTS\", {\n\t\t\tmessage: ERROR_CODES.USAGE_EXCEEDED,\n\t\t\tcode: \"USAGE_EXCEEDED\" as const,\n\t\t});\n\t} else if (remaining !== null) {\n\t\tconst now = Date.now();\n\t\tconst refillInterval = apiKey.refillInterval;\n\t\tconst refillAmount = apiKey.refillAmount;\n\t\tconst lastTime = new Date(lastRefillAt ?? apiKey.createdAt).getTime();\n\n\t\tif (refillInterval && refillAmount) {\n\t\t\t// if they provide refill info, then we should refill once the interval is reached.\n\n\t\t\tconst timeSinceLastRequest = now - lastTime;\n\t\t\tif (timeSinceLastRequest > refillInterval) {\n\t\t\t\tremaining = refillAmount;\n\t\t\t\tlastRefillAt = new Date();\n\t\t\t}\n\t\t}\n\n\t\tif (remaining === 0) {\n\t\t\t// if there are no more remaining requests, than the key is invalid\n\t\t\tthrow new APIError(\"TOO_MANY_REQUESTS\", {\n\t\t\t\tmessage: ERROR_CODES.USAGE_EXCEEDED,\n\t\t\t\tcode: \"USAGE_EXCEEDED\" as const,\n\t\t\t});\n\t\t} else {\n\t\t\tremaining--;\n\t\t}\n\t}\n\n\tconst { message, success, update, tryAgainIn } = isRateLimited(apiKey, opts);\n\n\tif (success === false) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: message ?? undefined,\n\t\t\tcode: \"RATE_LIMITED\" as const,\n\t\t\tdetails: {\n\t\t\t\ttryAgainIn,\n\t\t\t},\n\t\t});\n\t}\n\n\tconst updated: ApiKey = {\n\t\t...apiKey,\n\t\t...update,\n\t\tremaining,\n\t\tlastRefillAt,\n\t\tupdatedAt: new Date(),\n\t};\n\n\tconst performUpdate = async (): Promise<ApiKey | null> => {\n\t\tif (opts.storage === \"database\") {\n\t\t\treturn ctx.context.adapter.update<ApiKey>({\n\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\tupdate: { ...updated, id: undefined },\n\t\t\t});\n\t\t} else if (\n\t\t\topts.storage === \"secondary-storage\" &&\n\t\t\topts.fallbackToDatabase\n\t\t) {\n\t\t\tconst dbUpdated = await ctx.context.adapter.update<ApiKey>({\n\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\tupdate: { ...updated, id: undefined },\n\t\t\t});\n\t\t\tif (dbUpdated) {\n\t\t\t\tawait setApiKey(ctx, dbUpdated, opts);\n\t\t\t}\n\t\t\treturn dbUpdated;\n\t\t} else {\n\t\t\tawait setApiKey(ctx, updated, opts);\n\t\t\treturn updated;\n\t\t}\n\t};\n\n\tlet newApiKey: ApiKey | null = null;\n\n\tif (opts.deferUpdates) {\n\t\tctx.context.runInBackground(\n\t\t\tperformUpdate().catch((error) => {\n\t\t\t\tctx.context.logger.error(\"Failed to update API key:\", error);\n\t\t\t}),\n\t\t);\n\t\tnewApiKey = updated;\n\t} else {\n\t\tnewApiKey = await performUpdate();\n\t\tif (!newApiKey) {\n\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\tmessage: ERROR_CODES.FAILED_TO_UPDATE_API_KEY,\n\t\t\t\tcode: \"INTERNAL_SERVER_ERROR\" as const,\n\t\t\t});\n\t\t}\n\t}\n\n\treturn newApiKey;\n}\n\nconst verifyApiKeyBodySchema = z.object({\n\tkey: z.string().meta({\n\t\tdescription: \"The key to verify\",\n\t}),\n\tpermissions: z\n\t\t.record(z.string(), z.array(z.string()))\n\t\t.meta({\n\t\t\tdescription: \"The permissions to verify.\",\n\t\t})\n\t\t.optional(),\n});\n\nexport function verifyApiKey({\n\topts,\n\tschema,\n\tdeleteAllExpiredApiKeys,\n}: {\n\topts: PredefinedApiKeyOptions;\n\tschema: ReturnType<typeof apiKeySchema>;\n\tdeleteAllExpiredApiKeys(\n\t\tctx: AuthContext,\n\t\tbyPassLastCheckTime?: boolean | undefined,\n\t): Promise<void>;\n}) {\n\treturn createAuthEndpoint(\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: verifyApiKeyBodySchema,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { key } = ctx.body;\n\n\t\t\tif (opts.customAPIKeyValidator) {\n\t\t\t\tconst isValid = await opts.customAPIKeyValidator({ ctx, key });\n\t\t\t\tif (!isValid) {\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tvalid: false,\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\tmessage: ERROR_CODES.INVALID_API_KEY,\n\t\t\t\t\t\t\tcode: \"KEY_NOT_FOUND\" as const,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tkey: null,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst hashed = opts.disableKeyHashing ? key : await defaultKeyHasher(key);\n\n\t\t\tlet apiKey: ApiKey | null = null;\n\n\t\t\ttry {\n\t\t\t\tapiKey = await validateApiKey({\n\t\t\t\t\thashedKey: hashed,\n\t\t\t\t\tpermissions: ctx.body.permissions,\n\t\t\t\t\tctx,\n\t\t\t\t\topts,\n\t\t\t\t\tschema,\n\t\t\t\t});\n\n\t\t\t\tif (opts.deferUpdates) {\n\t\t\t\t\tctx.context.runInBackground(\n\t\t\t\t\t\tdeleteAllExpiredApiKeys(ctx.context).catch((err) => {\n\t\t\t\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\t\t\t\"Failed to delete expired API keys:\",\n\t\t\t\t\t\t\t\terr,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tctx.context.logger.error(\"Failed to validate API key:\", error);\n\t\t\t\tif (error instanceof APIError) {\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tvalid: false,\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\tmessage: error.body?.message,\n\t\t\t\t\t\t\tcode: error.body?.code as string,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tkey: null,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tvalid: false,\n\t\t\t\t\terror: {\n\t\t\t\t\t\tmessage: ERROR_CODES.INVALID_API_KEY,\n\t\t\t\t\t\tcode: \"INVALID_API_KEY\" as const,\n\t\t\t\t\t},\n\t\t\t\t\tkey: null,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst { key: _, ...returningApiKey } = apiKey ?? {\n\t\t\t\tkey: 1,\n\t\t\t\tpermissions: undefined,\n\t\t\t};\n\n\t\t\t// Migrate legacy double-stringified metadata if needed\n\t\t\tlet migratedMetadata: Record<string, any> | null = null;\n\t\t\tif (apiKey) {\n\t\t\t\tmigratedMetadata = await migrateDoubleStringifiedMetadata(\n\t\t\t\t\tctx,\n\t\t\t\t\tapiKey,\n\t\t\t\t\topts,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\treturningApiKey.permissions = returningApiKey.permissions\n\t\t\t\t? safeJSONParse<{\n\t\t\t\t\t\t[key: string]: string[];\n\t\t\t\t\t}>(returningApiKey.permissions)\n\t\t\t\t: null;\n\n\t\t\treturn ctx.json({\n\t\t\t\tvalid: true,\n\t\t\t\terror: null,\n\t\t\t\tkey:\n\t\t\t\t\tapiKey === null\n\t\t\t\t\t\t? null\n\t\t\t\t\t\t: ({\n\t\t\t\t\t\t\t\t...returningApiKey,\n\t\t\t\t\t\t\t\tmetadata: migratedMetadata,\n\t\t\t\t\t\t\t} as Omit<ApiKey, \"key\">),\n\t\t\t});\n\t\t},\n\t);\n}\n"],"mappings":";;;;;;;;;;;AAmBA,eAAsB,eAAe,EACpC,WACA,KACA,MACA,QACA,eAOE;CACF,MAAM,SAAS,MAAM,UAAU,KAAK,WAAW,KAAK;AAEpD,KAAI,CAAC,OACJ,OAAM,IAAI,SAAS,gBAAgB,EAClC,SAAS,YAAY,iBACrB,CAAC;AAGH,KAAI,OAAO,YAAY,MACtB,OAAM,IAAI,SAAS,gBAAgB;EAClC,SAAS,YAAY;EACrB,MAAM;EACN,CAAC;AAGH,KAAI,OAAO,WAGV;MAFY,KAAK,KAAK,GACJ,IAAI,KAAK,OAAO,UAAU,CAAC,SAAS,EACjC;GACpB,MAAM,mBAAmB,YAAY;AACpC,QAAI,KAAK,YAAY,uBAAuB,KAAK,oBAAoB;AACpE,WAAM,aAAa,KAAK,QAAQ,KAAK;AACrC,WAAM,IAAI,QAAQ,QAAQ,OAAO;MAChC,OAAO;MACP,OAAO,CAAC;OAAE,OAAO;OAAM,OAAO,OAAO;OAAI,CAAC;MAC1C,CAAC;eACQ,KAAK,YAAY,oBAC3B,OAAM,aAAa,KAAK,QAAQ,KAAK;QAErC,OAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO;KACP,OAAO,CAAC;MAAE,OAAO;MAAM,OAAO,OAAO;MAAI,CAAC;KAC1C,CAAC;;AAIJ,OAAI,KAAK,aACR,KAAI,QAAQ,gBACX,kBAAkB,CAAC,OAAO,UAAU;AACnC,QAAI,QAAQ,OAAO,MAAM,2BAA2B,MAAM;KACzD,CACF;OAED,OAAM,kBAAkB;AAGzB,SAAM,IAAI,SAAS,gBAAgB;IAClC,SAAS,YAAY;IACrB,MAAM;IACN,CAAC;;;AAIJ,KAAI,aAAa;EAChB,MAAM,oBAAoB,OAAO,cAC9B,cAEE,OAAO,YAAY,GACrB;AAEH,MAAI,CAAC,kBACJ,OAAM,IAAI,SAAS,gBAAgB;GAClC,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;AAIH,MAAI,CAFM,KAAK,kBAAyB,CACvB,UAAU,YAAY,CAC3B,QACX,OAAM,IAAI,SAAS,gBAAgB;GAClC,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;;CAIJ,IAAI,YAAY,OAAO;CACvB,IAAI,eAAe,OAAO;AAE1B,KAAI,OAAO,cAAc,KAAK,OAAO,iBAAiB,MAAM;EAC3D,MAAM,qBAAqB,YAAY;AACtC,OAAI,KAAK,YAAY,uBAAuB,KAAK,oBAAoB;AACpE,UAAM,aAAa,KAAK,QAAQ,KAAK;AACrC,UAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO;KACP,OAAO,CAAC;MAAE,OAAO;MAAM,OAAO,OAAO;MAAI,CAAC;KAC1C,CAAC;cACQ,KAAK,YAAY,oBAC3B,OAAM,aAAa,KAAK,QAAQ,KAAK;OAErC,OAAM,IAAI,QAAQ,QAAQ,OAAO;IAChC,OAAO;IACP,OAAO,CAAC;KAAE,OAAO;KAAM,OAAO,OAAO;KAAI,CAAC;IAC1C,CAAC;;AAIJ,MAAI,KAAK,aACR,KAAI,QAAQ,gBACX,oBAAoB,CAAC,OAAO,UAAU;AACrC,OAAI,QAAQ,OAAO,MAAM,2BAA2B,MAAM;IACzD,CACF;MAED,OAAM,oBAAoB;AAG3B,QAAM,IAAI,SAAS,qBAAqB;GACvC,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;YACQ,cAAc,MAAM;EAC9B,MAAM,MAAM,KAAK,KAAK;EACtB,MAAM,iBAAiB,OAAO;EAC9B,MAAM,eAAe,OAAO;EAC5B,MAAM,WAAW,IAAI,KAAK,gBAAgB,OAAO,UAAU,CAAC,SAAS;AAErE,MAAI,kBAAkB,cAIrB;OAD6B,MAAM,WACR,gBAAgB;AAC1C,gBAAY;AACZ,mCAAe,IAAI,MAAM;;;AAI3B,MAAI,cAAc,EAEjB,OAAM,IAAI,SAAS,qBAAqB;GACvC,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;MAEF;;CAIF,MAAM,EAAE,SAAS,SAAS,QAAQ,eAAe,cAAc,QAAQ,KAAK;AAE5E,KAAI,YAAY,MACf,OAAM,IAAI,SAAS,gBAAgB;EAClC,SAAS,WAAW;EACpB,MAAM;EACN,SAAS,EACR,YACA;EACD,CAAC;CAGH,MAAMA,UAAkB;EACvB,GAAG;EACH,GAAG;EACH;EACA;EACA,2BAAW,IAAI,MAAM;EACrB;CAED,MAAM,gBAAgB,YAAoC;AACzD,MAAI,KAAK,YAAY,WACpB,QAAO,IAAI,QAAQ,QAAQ,OAAe;GACzC,OAAO;GACP,OAAO,CAAC;IAAE,OAAO;IAAM,OAAO,OAAO;IAAI,CAAC;GAC1C,QAAQ;IAAE,GAAG;IAAS,IAAI;IAAW;GACrC,CAAC;WAEF,KAAK,YAAY,uBACjB,KAAK,oBACJ;GACD,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,OAAe;IAC1D,OAAO;IACP,OAAO,CAAC;KAAE,OAAO;KAAM,OAAO,OAAO;KAAI,CAAC;IAC1C,QAAQ;KAAE,GAAG;KAAS,IAAI;KAAW;IACrC,CAAC;AACF,OAAI,UACH,OAAM,UAAU,KAAK,WAAW,KAAK;AAEtC,UAAO;SACD;AACN,SAAM,UAAU,KAAK,SAAS,KAAK;AACnC,UAAO;;;CAIT,IAAIC,YAA2B;AAE/B,KAAI,KAAK,cAAc;AACtB,MAAI,QAAQ,gBACX,eAAe,CAAC,OAAO,UAAU;AAChC,OAAI,QAAQ,OAAO,MAAM,6BAA6B,MAAM;IAC3D,CACF;AACD,cAAY;QACN;AACN,cAAY,MAAM,eAAe;AACjC,MAAI,CAAC,UACJ,OAAM,IAAI,SAAS,yBAAyB;GAC3C,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;;AAIJ,QAAO;;AAGR,MAAM,yBAAyB,EAAE,OAAO;CACvC,KAAK,EAAE,QAAQ,CAAC,KAAK,EACpB,aAAa,qBACb,CAAC;CACF,aAAa,EACX,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvC,KAAK,EACL,aAAa,8BACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,SAAgB,aAAa,EAC5B,MACA,QACA,2BAQE;AACF,QAAO,mBACN;EACC,QAAQ;EACR,MAAM;EACN,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,QAAQ,IAAI;AAEpB,MAAI,KAAK,uBAER;OAAI,CADY,MAAM,KAAK,sBAAsB;IAAE;IAAK;IAAK,CAAC,CAE7D,QAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,SAAS,YAAY;KACrB,MAAM;KACN;IACD,KAAK;IACL,CAAC;;EAIJ,MAAM,SAAS,KAAK,oBAAoB,MAAM,MAAM,iBAAiB,IAAI;EAEzE,IAAIC,SAAwB;AAE5B,MAAI;AACH,YAAS,MAAM,eAAe;IAC7B,WAAW;IACX,aAAa,IAAI,KAAK;IACtB;IACA;IACA;IACA,CAAC;AAEF,OAAI,KAAK,aACR,KAAI,QAAQ,gBACX,wBAAwB,IAAI,QAAQ,CAAC,OAAO,QAAQ;AACnD,QAAI,QAAQ,OAAO,MAClB,sCACA,IACA;KACA,CACF;WAEM,OAAO;AACf,OAAI,QAAQ,OAAO,MAAM,+BAA+B,MAAM;AAC9D,OAAI,iBAAiB,SACpB,QAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,SAAS,MAAM,MAAM;KACrB,MAAM,MAAM,MAAM;KAClB;IACD,KAAK;IACL,CAAC;AAGH,UAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,SAAS,YAAY;KACrB,MAAM;KACN;IACD,KAAK;IACL,CAAC;;EAGH,MAAM,EAAE,KAAK,GAAG,GAAG,oBAAoB,UAAU;GAChD,KAAK;GACL,aAAa;GACb;EAGD,IAAIC,mBAA+C;AACnD,MAAI,OACH,oBAAmB,MAAM,iCACxB,KACA,QACA,KACA;AAGF,kBAAgB,cAAc,gBAAgB,cAC3C,cAEE,gBAAgB,YAAY,GAC9B;AAEH,SAAO,IAAI,KAAK;GACf,OAAO;GACP,OAAO;GACP,KACC,WAAW,OACR,OACC;IACD,GAAG;IACH,UAAU;IACV;GACJ,CAAC;GAEH"}
|
|
1
|
+
{"version":3,"file":"verify-api-key.mjs","names":["updated: ApiKey","newApiKey: ApiKey | null","apiKey: ApiKey | null","migratedMetadata: Record<string, any> | null"],"sources":["../../../../src/plugins/api-key/routes/verify-api-key.ts"],"sourcesContent":["import type { AuthContext, GenericEndpointContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { safeJSONParse } from \"@better-auth/core/utils\";\nimport * as z from \"zod\";\nimport { APIError } from \"../../../api\";\nimport { role } from \"../../access\";\nimport { API_KEY_TABLE_NAME, ERROR_CODES } from \"..\";\nimport { defaultKeyHasher } from \"../\";\nimport {\n\tdeleteApiKey,\n\tgetApiKey,\n\tmigrateDoubleStringifiedMetadata,\n\tsetApiKey,\n} from \"../adapter\";\nimport { isRateLimited } from \"../rate-limit\";\nimport type { apiKeySchema } from \"../schema\";\nimport type { ApiKey } from \"../types\";\nimport type { PredefinedApiKeyOptions } from \".\";\n\nexport async function validateApiKey({\n\thashedKey,\n\tctx,\n\topts,\n\tschema,\n\tpermissions,\n}: {\n\thashedKey: string;\n\topts: PredefinedApiKeyOptions;\n\tschema: ReturnType<typeof apiKeySchema>;\n\tpermissions?: Record<string, string[]> | undefined;\n\tctx: GenericEndpointContext;\n}) {\n\tconst apiKey = await getApiKey(ctx, hashedKey, opts);\n\n\tif (!apiKey) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: ERROR_CODES.INVALID_API_KEY,\n\t\t});\n\t}\n\n\tif (apiKey.enabled === false) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: ERROR_CODES.KEY_DISABLED,\n\t\t\tcode: \"KEY_DISABLED\" as const,\n\t\t});\n\t}\n\n\tif (apiKey.expiresAt) {\n\t\tconst now = Date.now();\n\t\tconst expiresAt = new Date(apiKey.expiresAt).getTime();\n\t\tif (now > expiresAt) {\n\t\t\tconst deleteExpiredKey = async () => {\n\t\t\t\tif (opts.storage === \"secondary-storage\" && opts.fallbackToDatabase) {\n\t\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t\t});\n\t\t\t\t} else if (opts.storage === \"secondary-storage\") {\n\t\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\t} else {\n\t\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t};\n\n\t\t\tif (opts.deferUpdates) {\n\t\t\t\tctx.context.runInBackground(\n\t\t\t\t\tdeleteExpiredKey().catch((error) => {\n\t\t\t\t\t\tctx.context.logger.error(\"Deferred update failed:\", error);\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t} else {\n\t\t\t\tawait deleteExpiredKey();\n\t\t\t}\n\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: ERROR_CODES.KEY_EXPIRED,\n\t\t\t\tcode: \"KEY_EXPIRED\" as const,\n\t\t\t});\n\t\t}\n\t}\n\n\tif (permissions) {\n\t\tconst apiKeyPermissions = apiKey.permissions\n\t\t\t? safeJSONParse<{\n\t\t\t\t\t[key: string]: string[];\n\t\t\t\t}>(apiKey.permissions)\n\t\t\t: null;\n\n\t\tif (!apiKeyPermissions) {\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: ERROR_CODES.KEY_NOT_FOUND,\n\t\t\t\tcode: \"KEY_NOT_FOUND\" as const,\n\t\t\t});\n\t\t}\n\t\tconst r = role(apiKeyPermissions as any);\n\t\tconst result = r.authorize(permissions);\n\t\tif (!result.success) {\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: ERROR_CODES.KEY_NOT_FOUND,\n\t\t\t\tcode: \"KEY_NOT_FOUND\" as const,\n\t\t\t});\n\t\t}\n\t}\n\n\tlet remaining = apiKey.remaining;\n\tlet lastRefillAt = apiKey.lastRefillAt;\n\n\tif (apiKey.remaining === 0 && apiKey.refillAmount === null) {\n\t\tconst deleteExhaustedKey = async () => {\n\t\t\tif (opts.storage === \"secondary-storage\" && opts.fallbackToDatabase) {\n\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t});\n\t\t\t} else if (opts.storage === \"secondary-storage\") {\n\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t} else {\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t});\n\t\t\t}\n\t\t};\n\n\t\tif (opts.deferUpdates) {\n\t\t\tctx.context.runInBackground(\n\t\t\t\tdeleteExhaustedKey().catch((error) => {\n\t\t\t\t\tctx.context.logger.error(\"Deferred update failed:\", error);\n\t\t\t\t}),\n\t\t\t);\n\t\t} else {\n\t\t\tawait deleteExhaustedKey();\n\t\t}\n\n\t\tthrow new APIError(\"TOO_MANY_REQUESTS\", {\n\t\t\tmessage: ERROR_CODES.USAGE_EXCEEDED,\n\t\t\tcode: \"USAGE_EXCEEDED\" as const,\n\t\t});\n\t} else if (remaining !== null) {\n\t\tconst now = Date.now();\n\t\tconst refillInterval = apiKey.refillInterval;\n\t\tconst refillAmount = apiKey.refillAmount;\n\t\tconst lastTime = new Date(lastRefillAt ?? apiKey.createdAt).getTime();\n\n\t\tif (refillInterval && refillAmount) {\n\t\t\t// if they provide refill info, then we should refill once the interval is reached.\n\n\t\t\tconst timeSinceLastRequest = now - lastTime;\n\t\t\tif (timeSinceLastRequest > refillInterval) {\n\t\t\t\tremaining = refillAmount;\n\t\t\t\tlastRefillAt = new Date();\n\t\t\t}\n\t\t}\n\n\t\tif (remaining === 0) {\n\t\t\t// if there are no more remaining requests, than the key is invalid\n\t\t\tthrow new APIError(\"TOO_MANY_REQUESTS\", {\n\t\t\t\tmessage: ERROR_CODES.USAGE_EXCEEDED,\n\t\t\t\tcode: \"USAGE_EXCEEDED\" as const,\n\t\t\t});\n\t\t} else {\n\t\t\tremaining--;\n\t\t}\n\t}\n\n\tconst { message, success, update, tryAgainIn } = isRateLimited(apiKey, opts);\n\n\tif (success === false) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: message ?? undefined,\n\t\t\tcode: \"RATE_LIMITED\" as const,\n\t\t\tdetails: {\n\t\t\t\ttryAgainIn,\n\t\t\t},\n\t\t});\n\t}\n\n\tconst updated: ApiKey = {\n\t\t...apiKey,\n\t\t...update,\n\t\tremaining,\n\t\tlastRefillAt,\n\t\tupdatedAt: new Date(),\n\t};\n\n\tconst performUpdate = async (): Promise<ApiKey | null> => {\n\t\tif (opts.storage === \"database\") {\n\t\t\treturn ctx.context.adapter.update<ApiKey>({\n\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\tupdate: { ...updated, id: undefined },\n\t\t\t});\n\t\t} else if (\n\t\t\topts.storage === \"secondary-storage\" &&\n\t\t\topts.fallbackToDatabase\n\t\t) {\n\t\t\tconst dbUpdated = await ctx.context.adapter.update<ApiKey>({\n\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\tupdate: { ...updated, id: undefined },\n\t\t\t});\n\t\t\tif (dbUpdated) {\n\t\t\t\tawait setApiKey(ctx, dbUpdated, opts);\n\t\t\t}\n\t\t\treturn dbUpdated;\n\t\t} else {\n\t\t\tawait setApiKey(ctx, updated, opts);\n\t\t\treturn updated;\n\t\t}\n\t};\n\n\tlet newApiKey: ApiKey | null = null;\n\n\tif (opts.deferUpdates) {\n\t\tctx.context.runInBackground(\n\t\t\tperformUpdate().catch((error) => {\n\t\t\t\tctx.context.logger.error(\"Failed to update API key:\", error);\n\t\t\t}),\n\t\t);\n\t\tnewApiKey = updated;\n\t} else {\n\t\tnewApiKey = await performUpdate();\n\t\tif (!newApiKey) {\n\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\tmessage: ERROR_CODES.FAILED_TO_UPDATE_API_KEY,\n\t\t\t\tcode: \"INTERNAL_SERVER_ERROR\" as const,\n\t\t\t});\n\t\t}\n\t}\n\n\treturn newApiKey;\n}\n\nconst verifyApiKeyBodySchema = z.object({\n\tkey: z.string().meta({\n\t\tdescription: \"The key to verify\",\n\t}),\n\tpermissions: z\n\t\t.record(z.string(), z.array(z.string()))\n\t\t.meta({\n\t\t\tdescription: \"The permissions to verify.\",\n\t\t})\n\t\t.optional(),\n});\n\nexport function verifyApiKey({\n\topts,\n\tschema,\n\tdeleteAllExpiredApiKeys,\n}: {\n\topts: PredefinedApiKeyOptions;\n\tschema: ReturnType<typeof apiKeySchema>;\n\tdeleteAllExpiredApiKeys(\n\t\tctx: AuthContext,\n\t\tbyPassLastCheckTime?: boolean | undefined,\n\t): Promise<void>;\n}) {\n\treturn createAuthEndpoint(\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: verifyApiKeyBodySchema,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { key } = ctx.body;\n\n\t\t\tif (opts.customAPIKeyValidator) {\n\t\t\t\tconst isValid = await opts.customAPIKeyValidator({ ctx, key });\n\t\t\t\tif (!isValid) {\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tvalid: false,\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\tmessage: ERROR_CODES.INVALID_API_KEY,\n\t\t\t\t\t\t\tcode: \"KEY_NOT_FOUND\" as const,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tkey: null,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst hashed = opts.disableKeyHashing ? key : await defaultKeyHasher(key);\n\n\t\t\tlet apiKey: ApiKey | null = null;\n\n\t\t\ttry {\n\t\t\t\tapiKey = await validateApiKey({\n\t\t\t\t\thashedKey: hashed,\n\t\t\t\t\tpermissions: ctx.body.permissions,\n\t\t\t\t\tctx,\n\t\t\t\t\topts,\n\t\t\t\t\tschema,\n\t\t\t\t});\n\n\t\t\t\tif (opts.deferUpdates) {\n\t\t\t\t\tctx.context.runInBackground(\n\t\t\t\t\t\tdeleteAllExpiredApiKeys(ctx.context).catch((err) => {\n\t\t\t\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\t\t\t\"Failed to delete expired API keys:\",\n\t\t\t\t\t\t\t\terr,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tctx.context.logger.error(\"Failed to validate API key:\", error);\n\t\t\t\tif (error instanceof APIError) {\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tvalid: false,\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t...error.body,\n\t\t\t\t\t\t\tmessage: error.body?.message,\n\t\t\t\t\t\t\tcode: error.body?.code as string,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tkey: null,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tvalid: false,\n\t\t\t\t\terror: {\n\t\t\t\t\t\tmessage: ERROR_CODES.INVALID_API_KEY,\n\t\t\t\t\t\tcode: \"INVALID_API_KEY\" as const,\n\t\t\t\t\t},\n\t\t\t\t\tkey: null,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst { key: _, ...returningApiKey } = apiKey ?? {\n\t\t\t\tkey: 1,\n\t\t\t\tpermissions: undefined,\n\t\t\t};\n\n\t\t\t// Migrate legacy double-stringified metadata if needed\n\t\t\tlet migratedMetadata: Record<string, any> | null = null;\n\t\t\tif (apiKey) {\n\t\t\t\tmigratedMetadata = await migrateDoubleStringifiedMetadata(\n\t\t\t\t\tctx,\n\t\t\t\t\tapiKey,\n\t\t\t\t\topts,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\treturningApiKey.permissions = returningApiKey.permissions\n\t\t\t\t? safeJSONParse<{\n\t\t\t\t\t\t[key: string]: string[];\n\t\t\t\t\t}>(returningApiKey.permissions)\n\t\t\t\t: null;\n\n\t\t\treturn ctx.json({\n\t\t\t\tvalid: true,\n\t\t\t\terror: null,\n\t\t\t\tkey:\n\t\t\t\t\tapiKey === null\n\t\t\t\t\t\t? null\n\t\t\t\t\t\t: ({\n\t\t\t\t\t\t\t\t...returningApiKey,\n\t\t\t\t\t\t\t\tmetadata: migratedMetadata,\n\t\t\t\t\t\t\t} as Omit<ApiKey, \"key\">),\n\t\t\t});\n\t\t},\n\t);\n}\n"],"mappings":";;;;;;;;;;;AAmBA,eAAsB,eAAe,EACpC,WACA,KACA,MACA,QACA,eAOE;CACF,MAAM,SAAS,MAAM,UAAU,KAAK,WAAW,KAAK;AAEpD,KAAI,CAAC,OACJ,OAAM,IAAI,SAAS,gBAAgB,EAClC,SAAS,YAAY,iBACrB,CAAC;AAGH,KAAI,OAAO,YAAY,MACtB,OAAM,IAAI,SAAS,gBAAgB;EAClC,SAAS,YAAY;EACrB,MAAM;EACN,CAAC;AAGH,KAAI,OAAO,WAGV;MAFY,KAAK,KAAK,GACJ,IAAI,KAAK,OAAO,UAAU,CAAC,SAAS,EACjC;GACpB,MAAM,mBAAmB,YAAY;AACpC,QAAI,KAAK,YAAY,uBAAuB,KAAK,oBAAoB;AACpE,WAAM,aAAa,KAAK,QAAQ,KAAK;AACrC,WAAM,IAAI,QAAQ,QAAQ,OAAO;MAChC,OAAO;MACP,OAAO,CAAC;OAAE,OAAO;OAAM,OAAO,OAAO;OAAI,CAAC;MAC1C,CAAC;eACQ,KAAK,YAAY,oBAC3B,OAAM,aAAa,KAAK,QAAQ,KAAK;QAErC,OAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO;KACP,OAAO,CAAC;MAAE,OAAO;MAAM,OAAO,OAAO;MAAI,CAAC;KAC1C,CAAC;;AAIJ,OAAI,KAAK,aACR,KAAI,QAAQ,gBACX,kBAAkB,CAAC,OAAO,UAAU;AACnC,QAAI,QAAQ,OAAO,MAAM,2BAA2B,MAAM;KACzD,CACF;OAED,OAAM,kBAAkB;AAGzB,SAAM,IAAI,SAAS,gBAAgB;IAClC,SAAS,YAAY;IACrB,MAAM;IACN,CAAC;;;AAIJ,KAAI,aAAa;EAChB,MAAM,oBAAoB,OAAO,cAC9B,cAEE,OAAO,YAAY,GACrB;AAEH,MAAI,CAAC,kBACJ,OAAM,IAAI,SAAS,gBAAgB;GAClC,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;AAIH,MAAI,CAFM,KAAK,kBAAyB,CACvB,UAAU,YAAY,CAC3B,QACX,OAAM,IAAI,SAAS,gBAAgB;GAClC,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;;CAIJ,IAAI,YAAY,OAAO;CACvB,IAAI,eAAe,OAAO;AAE1B,KAAI,OAAO,cAAc,KAAK,OAAO,iBAAiB,MAAM;EAC3D,MAAM,qBAAqB,YAAY;AACtC,OAAI,KAAK,YAAY,uBAAuB,KAAK,oBAAoB;AACpE,UAAM,aAAa,KAAK,QAAQ,KAAK;AACrC,UAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO;KACP,OAAO,CAAC;MAAE,OAAO;MAAM,OAAO,OAAO;MAAI,CAAC;KAC1C,CAAC;cACQ,KAAK,YAAY,oBAC3B,OAAM,aAAa,KAAK,QAAQ,KAAK;OAErC,OAAM,IAAI,QAAQ,QAAQ,OAAO;IAChC,OAAO;IACP,OAAO,CAAC;KAAE,OAAO;KAAM,OAAO,OAAO;KAAI,CAAC;IAC1C,CAAC;;AAIJ,MAAI,KAAK,aACR,KAAI,QAAQ,gBACX,oBAAoB,CAAC,OAAO,UAAU;AACrC,OAAI,QAAQ,OAAO,MAAM,2BAA2B,MAAM;IACzD,CACF;MAED,OAAM,oBAAoB;AAG3B,QAAM,IAAI,SAAS,qBAAqB;GACvC,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;YACQ,cAAc,MAAM;EAC9B,MAAM,MAAM,KAAK,KAAK;EACtB,MAAM,iBAAiB,OAAO;EAC9B,MAAM,eAAe,OAAO;EAC5B,MAAM,WAAW,IAAI,KAAK,gBAAgB,OAAO,UAAU,CAAC,SAAS;AAErE,MAAI,kBAAkB,cAIrB;OAD6B,MAAM,WACR,gBAAgB;AAC1C,gBAAY;AACZ,mCAAe,IAAI,MAAM;;;AAI3B,MAAI,cAAc,EAEjB,OAAM,IAAI,SAAS,qBAAqB;GACvC,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;MAEF;;CAIF,MAAM,EAAE,SAAS,SAAS,QAAQ,eAAe,cAAc,QAAQ,KAAK;AAE5E,KAAI,YAAY,MACf,OAAM,IAAI,SAAS,gBAAgB;EAClC,SAAS,WAAW;EACpB,MAAM;EACN,SAAS,EACR,YACA;EACD,CAAC;CAGH,MAAMA,UAAkB;EACvB,GAAG;EACH,GAAG;EACH;EACA;EACA,2BAAW,IAAI,MAAM;EACrB;CAED,MAAM,gBAAgB,YAAoC;AACzD,MAAI,KAAK,YAAY,WACpB,QAAO,IAAI,QAAQ,QAAQ,OAAe;GACzC,OAAO;GACP,OAAO,CAAC;IAAE,OAAO;IAAM,OAAO,OAAO;IAAI,CAAC;GAC1C,QAAQ;IAAE,GAAG;IAAS,IAAI;IAAW;GACrC,CAAC;WAEF,KAAK,YAAY,uBACjB,KAAK,oBACJ;GACD,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,OAAe;IAC1D,OAAO;IACP,OAAO,CAAC;KAAE,OAAO;KAAM,OAAO,OAAO;KAAI,CAAC;IAC1C,QAAQ;KAAE,GAAG;KAAS,IAAI;KAAW;IACrC,CAAC;AACF,OAAI,UACH,OAAM,UAAU,KAAK,WAAW,KAAK;AAEtC,UAAO;SACD;AACN,SAAM,UAAU,KAAK,SAAS,KAAK;AACnC,UAAO;;;CAIT,IAAIC,YAA2B;AAE/B,KAAI,KAAK,cAAc;AACtB,MAAI,QAAQ,gBACX,eAAe,CAAC,OAAO,UAAU;AAChC,OAAI,QAAQ,OAAO,MAAM,6BAA6B,MAAM;IAC3D,CACF;AACD,cAAY;QACN;AACN,cAAY,MAAM,eAAe;AACjC,MAAI,CAAC,UACJ,OAAM,IAAI,SAAS,yBAAyB;GAC3C,SAAS,YAAY;GACrB,MAAM;GACN,CAAC;;AAIJ,QAAO;;AAGR,MAAM,yBAAyB,EAAE,OAAO;CACvC,KAAK,EAAE,QAAQ,CAAC,KAAK,EACpB,aAAa,qBACb,CAAC;CACF,aAAa,EACX,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvC,KAAK,EACL,aAAa,8BACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,SAAgB,aAAa,EAC5B,MACA,QACA,2BAQE;AACF,QAAO,mBACN;EACC,QAAQ;EACR,MAAM;EACN,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,QAAQ,IAAI;AAEpB,MAAI,KAAK,uBAER;OAAI,CADY,MAAM,KAAK,sBAAsB;IAAE;IAAK;IAAK,CAAC,CAE7D,QAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,SAAS,YAAY;KACrB,MAAM;KACN;IACD,KAAK;IACL,CAAC;;EAIJ,MAAM,SAAS,KAAK,oBAAoB,MAAM,MAAM,iBAAiB,IAAI;EAEzE,IAAIC,SAAwB;AAE5B,MAAI;AACH,YAAS,MAAM,eAAe;IAC7B,WAAW;IACX,aAAa,IAAI,KAAK;IACtB;IACA;IACA;IACA,CAAC;AAEF,OAAI,KAAK,aACR,KAAI,QAAQ,gBACX,wBAAwB,IAAI,QAAQ,CAAC,OAAO,QAAQ;AACnD,QAAI,QAAQ,OAAO,MAClB,sCACA,IACA;KACA,CACF;WAEM,OAAO;AACf,OAAI,QAAQ,OAAO,MAAM,+BAA+B,MAAM;AAC9D,OAAI,iBAAiB,SACpB,QAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,GAAG,MAAM;KACT,SAAS,MAAM,MAAM;KACrB,MAAM,MAAM,MAAM;KAClB;IACD,KAAK;IACL,CAAC;AAGH,UAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,SAAS,YAAY;KACrB,MAAM;KACN;IACD,KAAK;IACL,CAAC;;EAGH,MAAM,EAAE,KAAK,GAAG,GAAG,oBAAoB,UAAU;GAChD,KAAK;GACL,aAAa;GACb;EAGD,IAAIC,mBAA+C;AACnD,MAAI,OACH,oBAAmB,MAAM,iCACxB,KACA,QACA,KACA;AAGF,kBAAgB,cAAc,gBAAgB,cAC3C,cAEE,gBAAgB,YAAY,GAC9B;AAEH,SAAO,IAAI,KAAK;GACf,OAAO;GACP,OAAO;GACP,KACC,WAAW,OACR,OACC;IACD,GAAG;IACH,UAAU;IACV;GACJ,CAAC;GAEH"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import * as
|
|
2
|
-
import * as
|
|
1
|
+
import * as _better_auth_core1 from "@better-auth/core";
|
|
2
|
+
import * as better_call8 from "better-call";
|
|
3
3
|
|
|
4
4
|
//#region src/plugins/bearer/index.d.ts
|
|
5
5
|
interface BearerOptions {
|
|
@@ -19,16 +19,16 @@ declare const bearer: (options?: BearerOptions | undefined) => {
|
|
|
19
19
|
id: "bearer";
|
|
20
20
|
hooks: {
|
|
21
21
|
before: {
|
|
22
|
-
matcher(context:
|
|
23
|
-
handler: (inputContext:
|
|
22
|
+
matcher(context: _better_auth_core1.HookEndpointContext): boolean;
|
|
23
|
+
handler: (inputContext: better_call8.MiddlewareInputContext<better_call8.MiddlewareOptions>) => Promise<{
|
|
24
24
|
context: {
|
|
25
25
|
headers: Headers;
|
|
26
26
|
};
|
|
27
27
|
} | undefined>;
|
|
28
28
|
}[];
|
|
29
29
|
after: {
|
|
30
|
-
matcher(context:
|
|
31
|
-
handler: (inputContext:
|
|
30
|
+
matcher(context: _better_auth_core1.HookEndpointContext): true;
|
|
31
|
+
handler: (inputContext: better_call8.MiddlewareInputContext<better_call8.MiddlewareOptions>) => Promise<void>;
|
|
32
32
|
}[];
|
|
33
33
|
};
|
|
34
34
|
options: BearerOptions | undefined;
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { BaseCaptchaOptions, CaptchaFoxOptions, CaptchaOptions, CloudflareTurnstileOptions, GoogleRecaptchaOptions, HCaptchaOptions, Provider } from "./types.mjs";
|
|
2
|
-
import * as
|
|
2
|
+
import * as _better_auth_core3 from "@better-auth/core";
|
|
3
3
|
|
|
4
4
|
//#region src/plugins/captcha/index.d.ts
|
|
5
5
|
declare const captcha: (options: CaptchaOptions) => {
|
|
6
6
|
id: "captcha";
|
|
7
|
-
onRequest: (request: Request, ctx:
|
|
7
|
+
onRequest: (request: Request, ctx: _better_auth_core3.AuthContext) => Promise<{
|
|
8
8
|
response: Response;
|
|
9
9
|
} | undefined>;
|
|
10
10
|
options: CaptchaOptions;
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { InferSession, InferUser } from "../../types/models.mjs";
|
|
2
2
|
import "../../types/index.mjs";
|
|
3
|
-
import * as
|
|
3
|
+
import * as _better_auth_core4 from "@better-auth/core";
|
|
4
4
|
import { BetterAuthOptions, GenericEndpointContext } from "@better-auth/core";
|
|
5
|
-
import * as
|
|
5
|
+
import * as better_call12 from "better-call";
|
|
6
6
|
import * as z from "zod";
|
|
7
7
|
|
|
8
8
|
//#region src/plugins/custom-session/index.d.ts
|
|
@@ -20,12 +20,12 @@ declare const customSession: <Returns extends Record<string, any>, O extends Bet
|
|
|
20
20
|
id: "custom-session";
|
|
21
21
|
hooks: {
|
|
22
22
|
after: {
|
|
23
|
-
matcher: (ctx:
|
|
24
|
-
handler: (inputContext:
|
|
23
|
+
matcher: (ctx: _better_auth_core4.HookEndpointContext) => boolean;
|
|
24
|
+
handler: (inputContext: better_call12.MiddlewareInputContext<better_call12.MiddlewareOptions>) => Promise<Awaited<Returns>[] | undefined>;
|
|
25
25
|
}[];
|
|
26
26
|
};
|
|
27
27
|
endpoints: {
|
|
28
|
-
getSession:
|
|
28
|
+
getSession: better_call12.StrictEndpoint<"/get-session", {
|
|
29
29
|
method: "GET";
|
|
30
30
|
query: z.ZodOptional<z.ZodObject<{
|
|
31
31
|
disableCookieCache: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodPipe<z.ZodString, z.ZodTransform<boolean, string>>]>>;
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { parseSetCookieHeader } from "../../cookies/cookie-utils.mjs";
|
|
1
2
|
import { getSession } from "../../api/routes/session.mjs";
|
|
2
3
|
import "../../api/index.mjs";
|
|
3
4
|
import { getEndpointResponse } from "../../utils/plugin-helper.mjs";
|
|
@@ -50,11 +51,18 @@ const customSession = (fn, options, pluginOptions) => {
|
|
|
50
51
|
});
|
|
51
52
|
if (!session?.response) return ctx.json(null);
|
|
52
53
|
const fnResult = await fn(session.response, ctx);
|
|
53
|
-
const
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
54
|
+
for (const cookieStr of session.headers.getSetCookie()) parseSetCookieHeader(cookieStr).forEach((attrs, name) => {
|
|
55
|
+
ctx.setCookie(name, attrs.value, {
|
|
56
|
+
maxAge: attrs["max-age"],
|
|
57
|
+
expires: attrs.expires,
|
|
58
|
+
domain: attrs.domain,
|
|
59
|
+
path: attrs.path,
|
|
60
|
+
secure: attrs.secure,
|
|
61
|
+
httpOnly: attrs.httponly,
|
|
62
|
+
sameSite: attrs.samesite
|
|
63
|
+
});
|
|
64
|
+
});
|
|
65
|
+
session.headers.delete("set-cookie");
|
|
58
66
|
session.headers.forEach((value, key) => {
|
|
59
67
|
ctx.setHeader(key, value);
|
|
60
68
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/custom-session/index.ts"],"sourcesContent":["import type {\n\tBetterAuthOptions,\n\tBetterAuthPlugin,\n\tGenericEndpointContext,\n} from \"@better-auth/core\";\nimport {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport * as z from \"zod\";\nimport { getSession } from \"../../api\";\nimport type { InferSession, InferUser } from \"../../types\";\nimport { getEndpointResponse } from \"../../utils/plugin-helper\";\n\nconst getSessionQuerySchema = z.optional(\n\tz.object({\n\t\t/**\n\t\t * If cookie cache is enabled, it will disable the cache\n\t\t * and fetch the session from the database\n\t\t */\n\t\tdisableCookieCache: z\n\t\t\t.boolean()\n\t\t\t.meta({\n\t\t\t\tdescription: \"Disable cookie cache and fetch session from database\",\n\t\t\t})\n\t\t\t.or(z.string().transform((v) => v === \"true\"))\n\t\t\t.optional(),\n\t\tdisableRefresh: z\n\t\t\t.boolean()\n\t\t\t.meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"Disable session refresh. Useful for checking session status, without updating the session\",\n\t\t\t})\n\t\t\t.optional(),\n\t}),\n);\n\nexport type CustomSessionPluginOptions = {\n\t/**\n\t * This option is used to determine if the list-device-sessions endpoint should be mutated to the custom session data.\n\t * @default false\n\t */\n\tshouldMutateListDeviceSessionsEndpoint?: boolean | undefined;\n};\n\nexport const customSession = <\n\tReturns extends Record<string, any>,\n\tO extends BetterAuthOptions = BetterAuthOptions,\n>(\n\tfn: (\n\t\tsession: {\n\t\t\tuser: InferUser<O>;\n\t\t\tsession: InferSession<O>;\n\t\t},\n\t\tctx: GenericEndpointContext,\n\t) => Promise<Returns>,\n\toptions?: O | undefined,\n\tpluginOptions?: CustomSessionPluginOptions | undefined,\n) => {\n\treturn {\n\t\tid: \"custom-session\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher: (ctx) =>\n\t\t\t\t\t\tctx.path === \"/multi-session/list-device-sessions\" &&\n\t\t\t\t\t\t(pluginOptions?.shouldMutateListDeviceSessionsEndpoint ?? false),\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst response = await getEndpointResponse<[]>(ctx);\n\t\t\t\t\t\tif (!response) return;\n\t\t\t\t\t\tconst newResponse = await Promise.all(\n\t\t\t\t\t\t\tresponse.map(async (v) => await fn(v, ctx)),\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn ctx.json(newResponse);\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\tendpoints: {\n\t\t\tgetSession: createAuthEndpoint(\n\t\t\t\t\"/get-session\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\tquery: getSessionQuerySchema,\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\tCUSTOM_SESSION: true,\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tdescription: \"Get custom session data\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\trequireHeaders: true,\n\t\t\t\t},\n\t\t\t\tasync (ctx): Promise<Returns | null> => {\n\t\t\t\t\tconst session = await getSession()({\n\t\t\t\t\t\t...ctx,\n\t\t\t\t\t\tasResponse: false,\n\t\t\t\t\t\theaders: ctx.headers,\n\t\t\t\t\t\treturnHeaders: true,\n\t\t\t\t\t}).catch((e) => {\n\t\t\t\t\t\treturn null;\n\t\t\t\t\t});\n\t\t\t\t\tif (!session?.response) {\n\t\t\t\t\t\treturn ctx.json(null);\n\t\t\t\t\t}\n\t\t\t\t\tconst fnResult = await fn(session.response as any, ctx);\n\n\t\t\t\t\
|
|
1
|
+
{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/custom-session/index.ts"],"sourcesContent":["import type {\n\tBetterAuthOptions,\n\tBetterAuthPlugin,\n\tGenericEndpointContext,\n} from \"@better-auth/core\";\nimport {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport * as z from \"zod\";\nimport { getSession } from \"../../api\";\nimport { parseSetCookieHeader } from \"../../cookies/cookie-utils\";\nimport type { InferSession, InferUser } from \"../../types\";\nimport { getEndpointResponse } from \"../../utils/plugin-helper\";\n\nconst getSessionQuerySchema = z.optional(\n\tz.object({\n\t\t/**\n\t\t * If cookie cache is enabled, it will disable the cache\n\t\t * and fetch the session from the database\n\t\t */\n\t\tdisableCookieCache: z\n\t\t\t.boolean()\n\t\t\t.meta({\n\t\t\t\tdescription: \"Disable cookie cache and fetch session from database\",\n\t\t\t})\n\t\t\t.or(z.string().transform((v) => v === \"true\"))\n\t\t\t.optional(),\n\t\tdisableRefresh: z\n\t\t\t.boolean()\n\t\t\t.meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"Disable session refresh. Useful for checking session status, without updating the session\",\n\t\t\t})\n\t\t\t.optional(),\n\t}),\n);\n\nexport type CustomSessionPluginOptions = {\n\t/**\n\t * This option is used to determine if the list-device-sessions endpoint should be mutated to the custom session data.\n\t * @default false\n\t */\n\tshouldMutateListDeviceSessionsEndpoint?: boolean | undefined;\n};\n\nexport const customSession = <\n\tReturns extends Record<string, any>,\n\tO extends BetterAuthOptions = BetterAuthOptions,\n>(\n\tfn: (\n\t\tsession: {\n\t\t\tuser: InferUser<O>;\n\t\t\tsession: InferSession<O>;\n\t\t},\n\t\tctx: GenericEndpointContext,\n\t) => Promise<Returns>,\n\toptions?: O | undefined,\n\tpluginOptions?: CustomSessionPluginOptions | undefined,\n) => {\n\treturn {\n\t\tid: \"custom-session\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher: (ctx) =>\n\t\t\t\t\t\tctx.path === \"/multi-session/list-device-sessions\" &&\n\t\t\t\t\t\t(pluginOptions?.shouldMutateListDeviceSessionsEndpoint ?? false),\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst response = await getEndpointResponse<[]>(ctx);\n\t\t\t\t\t\tif (!response) return;\n\t\t\t\t\t\tconst newResponse = await Promise.all(\n\t\t\t\t\t\t\tresponse.map(async (v) => await fn(v, ctx)),\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn ctx.json(newResponse);\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\tendpoints: {\n\t\t\tgetSession: createAuthEndpoint(\n\t\t\t\t\"/get-session\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\tquery: getSessionQuerySchema,\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\tCUSTOM_SESSION: true,\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tdescription: \"Get custom session data\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\trequireHeaders: true,\n\t\t\t\t},\n\t\t\t\tasync (ctx): Promise<Returns | null> => {\n\t\t\t\t\tconst session = await getSession()({\n\t\t\t\t\t\t...ctx,\n\t\t\t\t\t\tasResponse: false,\n\t\t\t\t\t\theaders: ctx.headers,\n\t\t\t\t\t\treturnHeaders: true,\n\t\t\t\t\t}).catch((e) => {\n\t\t\t\t\t\treturn null;\n\t\t\t\t\t});\n\t\t\t\t\tif (!session?.response) {\n\t\t\t\t\t\treturn ctx.json(null);\n\t\t\t\t\t}\n\t\t\t\t\tconst fnResult = await fn(session.response as any, ctx);\n\n\t\t\t\t\tfor (const cookieStr of session.headers.getSetCookie()) {\n\t\t\t\t\t\tconst parsed = parseSetCookieHeader(cookieStr);\n\t\t\t\t\t\tparsed.forEach((attrs, name) => {\n\t\t\t\t\t\t\tctx.setCookie(name, attrs.value, {\n\t\t\t\t\t\t\t\tmaxAge: attrs[\"max-age\"],\n\t\t\t\t\t\t\t\texpires: attrs.expires,\n\t\t\t\t\t\t\t\tdomain: attrs.domain,\n\t\t\t\t\t\t\t\tpath: attrs.path,\n\t\t\t\t\t\t\t\tsecure: attrs.secure,\n\t\t\t\t\t\t\t\thttpOnly: attrs.httponly,\n\t\t\t\t\t\t\t\tsameSite: attrs.samesite,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tsession.headers.delete(\"set-cookie\");\n\n\t\t\t\t\tsession.headers.forEach((value, key) => {\n\t\t\t\t\t\tctx.setHeader(key, value);\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json(fnResult);\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\t$Infer: {\n\t\t\tSession: {} as Awaited<ReturnType<typeof fn>>,\n\t\t},\n\t\toptions: pluginOptions,\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;AAeA,MAAM,wBAAwB,EAAE,SAC/B,EAAE,OAAO;CAKR,oBAAoB,EAClB,SAAS,CACT,KAAK,EACL,aAAa,wDACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,WAAW,MAAM,MAAM,OAAO,CAAC,CAC7C,UAAU;CACZ,gBAAgB,EACd,SAAS,CACT,KAAK,EACL,aACC,6FACD,CAAC,CACD,UAAU;CACZ,CAAC,CACF;AAUD,MAAa,iBAIZ,IAOA,SACA,kBACI;AACJ,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,UAAU,QACT,IAAI,SAAS,0CACZ,eAAe,0CAA0C;GAC3D,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,MAAM,oBAAwB,IAAI;AACnD,QAAI,CAAC,SAAU;IACf,MAAM,cAAc,MAAM,QAAQ,IACjC,SAAS,IAAI,OAAO,MAAM,MAAM,GAAG,GAAG,IAAI,CAAC,CAC3C;AACD,WAAO,IAAI,KAAK,YAAY;KAC3B;GACF,CACD,EACD;EACD,WAAW,EACV,YAAY,mBACX,gBACA;GACC,QAAQ;GACR,OAAO;GACP,UAAU;IACT,gBAAgB;IAChB,SAAS;KACR,aAAa;KACb,WAAW,EACV,OAAO;MACN,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,UAAU;OACV,OAAO,EACN,MAAM,gCACN;OACD,EACD,EACD;MACD,EACD;KACD;IACD;GACD,gBAAgB;GAChB,EACD,OAAO,QAAiC;GACvC,MAAM,UAAU,MAAM,YAAY,CAAC;IAClC,GAAG;IACH,YAAY;IACZ,SAAS,IAAI;IACb,eAAe;IACf,CAAC,CAAC,OAAO,MAAM;AACf,WAAO;KACN;AACF,OAAI,CAAC,SAAS,SACb,QAAO,IAAI,KAAK,KAAK;GAEtB,MAAM,WAAW,MAAM,GAAG,QAAQ,UAAiB,IAAI;AAEvD,QAAK,MAAM,aAAa,QAAQ,QAAQ,cAAc,CAErD,CADe,qBAAqB,UAAU,CACvC,SAAS,OAAO,SAAS;AAC/B,QAAI,UAAU,MAAM,MAAM,OAAO;KAChC,QAAQ,MAAM;KACd,SAAS,MAAM;KACf,QAAQ,MAAM;KACd,MAAM,MAAM;KACZ,QAAQ,MAAM;KACd,UAAU,MAAM;KAChB,UAAU,MAAM;KAChB,CAAC;KACD;AAEH,WAAQ,QAAQ,OAAO,aAAa;AAEpC,WAAQ,QAAQ,SAAS,OAAO,QAAQ;AACvC,QAAI,UAAU,KAAK,MAAM;KACxB;AACF,UAAO,IAAI,KAAK,SAAS;IAE1B,EACD;EACD,QAAQ,EACP,SAAS,EAAE,EACX;EACD,SAAS;EACT"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { TimeString, ms, sec } from "../../utils/time.mjs";
|
|
2
|
-
import * as
|
|
2
|
+
import * as better_call15 from "better-call";
|
|
3
3
|
import * as z from "zod";
|
|
4
4
|
|
|
5
5
|
//#region src/plugins/device-authorization/index.d.ts
|
|
@@ -91,7 +91,7 @@ declare const deviceAuthorization: (options?: Partial<DeviceAuthorizationOptions
|
|
|
91
91
|
};
|
|
92
92
|
};
|
|
93
93
|
endpoints: {
|
|
94
|
-
deviceCode:
|
|
94
|
+
deviceCode: better_call15.StrictEndpoint<"/device/code", {
|
|
95
95
|
method: "POST";
|
|
96
96
|
body: z.ZodObject<{
|
|
97
97
|
client_id: z.ZodString;
|
|
@@ -176,7 +176,7 @@ declare const deviceAuthorization: (options?: Partial<DeviceAuthorizationOptions
|
|
|
176
176
|
expires_in: number;
|
|
177
177
|
interval: number;
|
|
178
178
|
}>;
|
|
179
|
-
deviceToken:
|
|
179
|
+
deviceToken: better_call15.StrictEndpoint<"/device/token", {
|
|
180
180
|
method: "POST";
|
|
181
181
|
body: z.ZodObject<{
|
|
182
182
|
grant_type: z.ZodLiteral<"urn:ietf:params:oauth:grant-type:device_code">;
|
|
@@ -244,7 +244,7 @@ declare const deviceAuthorization: (options?: Partial<DeviceAuthorizationOptions
|
|
|
244
244
|
expires_in: number;
|
|
245
245
|
scope: string;
|
|
246
246
|
}>;
|
|
247
|
-
deviceVerify:
|
|
247
|
+
deviceVerify: better_call15.StrictEndpoint<"/device", {
|
|
248
248
|
method: "GET";
|
|
249
249
|
query: z.ZodObject<{
|
|
250
250
|
user_code: z.ZodString;
|
|
@@ -287,7 +287,7 @@ declare const deviceAuthorization: (options?: Partial<DeviceAuthorizationOptions
|
|
|
287
287
|
user_code: string;
|
|
288
288
|
status: string;
|
|
289
289
|
}>;
|
|
290
|
-
deviceApprove:
|
|
290
|
+
deviceApprove: better_call15.StrictEndpoint<"/device/approve", {
|
|
291
291
|
method: "POST";
|
|
292
292
|
body: z.ZodObject<{
|
|
293
293
|
userCode: z.ZodString;
|
|
@@ -328,7 +328,7 @@ declare const deviceAuthorization: (options?: Partial<DeviceAuthorizationOptions
|
|
|
328
328
|
}, {
|
|
329
329
|
success: boolean;
|
|
330
330
|
}>;
|
|
331
|
-
deviceDeny:
|
|
331
|
+
deviceDeny: better_call15.StrictEndpoint<"/device/deny", {
|
|
332
332
|
method: "POST";
|
|
333
333
|
body: z.ZodObject<{
|
|
334
334
|
userCode: z.ZodString;
|