better-auth 1.4.4-beta.2 → 1.4.4-beta.3

package/dist/{access-Bue6UE97.mjs → access-h-uttVNZ.mjs}

@@ -1,4 +1,4 @@
-import { t as createAccessControl } from "./access-DXuPG0DH.mjs";
+import { t as createAccessControl } from "./access-Dx8TLKnw.mjs";
 
 //#region src/plugins/admin/access/statement.ts
 const defaultStatements = {

package/dist/{access-Cr_p-YVH.mjs → access-vPNO48H4.mjs}

@@ -1,4 +1,4 @@
-import { t as createAccessControl } from "./access-DXuPG0DH.mjs";
+import { t as createAccessControl } from "./access-Dx8TLKnw.mjs";
 
 //#region src/plugins/organization/access/statement.ts
 const defaultStatements = {

package/dist/{adapter-factory-oT7pVV1b.mjs → adapter-factory-CXEYdBBi.mjs}

@@ -1,6 +1,6 @@
 import { a as getAuthTables, i as initGetDefaultModelName, n as initGetFieldName, r as initGetDefaultFieldName, t as initGetModelName } from "./get-model-name-D4DUV7S2.mjs";
-import { t as generateId } from "./utils-DBbaShi0.mjs";
-import { t as safeJSONParse } from "./json-_HMgPUVh.mjs";
+import { t as generateId } from "./utils-db7gNqd-.mjs";
+import { t as safeJSONParse } from "./json-CnHxKYpj.mjs";
 import { TTY_COLORS, getColorDepth, logger } from "@better-auth/core/env";
 import { BetterAuthError } from "@better-auth/core/error";
 

package/dist/adapters/drizzle-adapter/index.mjs

@@ -1,10 +1,9 @@
 import "../../get-model-name-D4DUV7S2.mjs";
-import "../../utils-DBbaShi0.mjs";
-import "../../crypto-BQxYXGGX.mjs";
-import "../../jwt-DzuIBp7t.mjs";
-import "../../misc-D8A8FGv2.mjs";
-import "../../json-_HMgPUVh.mjs";
-import { t as createAdapterFactory } from "../../adapter-factory-oT7pVV1b.mjs";
+import "../../utils-db7gNqd-.mjs";
+import "../../crypto-CFUhAR9W.mjs";
+import "../../misc-BwNc0MKr.mjs";
+import "../../json-CnHxKYpj.mjs";
+import { t as createAdapterFactory } from "../../adapter-factory-CXEYdBBi.mjs";
 import { logger } from "@better-auth/core/env";
 import { BetterAuthError } from "@better-auth/core/error";
 import { and, asc, count, desc, eq, gt, gte, inArray, like, lt, lte, ne, notInArray, or, sql } from "drizzle-orm";

package/dist/adapters/index.d.mts

@@ -1,4 +1,4 @@
-import { $t as AdapterSchemaCreation, an as Where$1, in as TransactionAdapter } from "../index-BTk-wfTL.mjs";
+import { $t as AdapterSchemaCreation, an as Where$1, in as TransactionAdapter } from "../index-CJ4w3OzO.mjs";
 import "../types-CEepZ-RG.mjs";
 import { u as Prettify } from "../helper-DFzV6jvx.mjs";
 import "../index-D8MBzSjs.mjs";

package/dist/adapters/index.mjs

@@ -1,10 +1,9 @@
 import { i as initGetDefaultModelName, n as initGetFieldName, r as initGetDefaultFieldName, t as initGetModelName } from "../get-model-name-D4DUV7S2.mjs";
-import "../utils-DBbaShi0.mjs";
-import "../crypto-BQxYXGGX.mjs";
-import "../jwt-DzuIBp7t.mjs";
-import "../misc-D8A8FGv2.mjs";
-import "../json-_HMgPUVh.mjs";
-import { n as initGetFieldAttributes, r as initGetIdField, t as createAdapterFactory } from "../adapter-factory-oT7pVV1b.mjs";
+import "../utils-db7gNqd-.mjs";
+import "../crypto-CFUhAR9W.mjs";
+import "../misc-BwNc0MKr.mjs";
+import "../json-CnHxKYpj.mjs";
+import { n as initGetFieldAttributes, r as initGetIdField, t as createAdapterFactory } from "../adapter-factory-CXEYdBBi.mjs";
 
 export * from "@better-auth/core/db/adapter"
 

package/dist/adapters/kysely-adapter/index.mjs

@@ -1,11 +1,10 @@
 import { n as getKyselyDatabaseType, t as createKyselyAdapter } from "../../dialect-D9ZUZA4J.mjs";
 import "../../get-model-name-D4DUV7S2.mjs";
-import "../../utils-DBbaShi0.mjs";
-import "../../crypto-BQxYXGGX.mjs";
-import "../../jwt-DzuIBp7t.mjs";
-import "../../misc-D8A8FGv2.mjs";
-import "../../json-_HMgPUVh.mjs";
-import { t as createAdapterFactory } from "../../adapter-factory-oT7pVV1b.mjs";
+import "../../utils-db7gNqd-.mjs";
+import "../../crypto-CFUhAR9W.mjs";
+import "../../misc-BwNc0MKr.mjs";
+import "../../json-CnHxKYpj.mjs";
+import { t as createAdapterFactory } from "../../adapter-factory-CXEYdBBi.mjs";
 import { sql } from "kysely";
 
 //#region src/adapters/kysely-adapter/kysely-adapter.ts

package/dist/adapters/memory-adapter/index.mjs

@@ -1,10 +1,9 @@
 import "../../get-model-name-D4DUV7S2.mjs";
-import "../../utils-DBbaShi0.mjs";
-import "../../crypto-BQxYXGGX.mjs";
-import "../../jwt-DzuIBp7t.mjs";
-import "../../misc-D8A8FGv2.mjs";
-import "../../json-_HMgPUVh.mjs";
-import { t as createAdapterFactory } from "../../adapter-factory-oT7pVV1b.mjs";
+import "../../utils-db7gNqd-.mjs";
+import "../../crypto-CFUhAR9W.mjs";
+import "../../misc-BwNc0MKr.mjs";
+import "../../json-CnHxKYpj.mjs";
+import { t as createAdapterFactory } from "../../adapter-factory-CXEYdBBi.mjs";
 import { logger } from "@better-auth/core/env";
 
 //#region src/adapters/memory-adapter/memory-adapter.ts

package/dist/adapters/mongodb-adapter/index.mjs

@@ -1,10 +1,9 @@
 import "../../get-model-name-D4DUV7S2.mjs";
-import "../../utils-DBbaShi0.mjs";
-import "../../crypto-BQxYXGGX.mjs";
-import "../../jwt-DzuIBp7t.mjs";
-import "../../misc-D8A8FGv2.mjs";
-import "../../json-_HMgPUVh.mjs";
-import { t as createAdapterFactory } from "../../adapter-factory-oT7pVV1b.mjs";
+import "../../utils-db7gNqd-.mjs";
+import "../../crypto-CFUhAR9W.mjs";
+import "../../misc-BwNc0MKr.mjs";
+import "../../json-CnHxKYpj.mjs";
+import { t as createAdapterFactory } from "../../adapter-factory-CXEYdBBi.mjs";
 import { ObjectId } from "mongodb";
 
 //#region src/adapters/mongodb-adapter/mongodb-adapter.ts
@@ -31,9 +30,9 @@ const mongodbAdapter = (db, config) => {
 							return v;
 						}
 						if (v instanceof ObjectId) return v;
-						throw new Error("Invalid id value, recieved: " + JSON.stringify(v));
+						throw new Error("Invalid id value, received: " + JSON.stringify(v));
 					});
-					throw new Error("Invalid id value, recieved: " + JSON.stringify(value));
+					throw new Error("Invalid id value, received: " + JSON.stringify(value));
 				}
 				try {
 					return new ObjectId(value);

package/dist/adapters/prisma-adapter/index.mjs

@@ -1,10 +1,9 @@
 import "../../get-model-name-D4DUV7S2.mjs";
-import "../../utils-DBbaShi0.mjs";
-import "../../crypto-BQxYXGGX.mjs";
-import "../../jwt-DzuIBp7t.mjs";
-import "../../misc-D8A8FGv2.mjs";
-import "../../json-_HMgPUVh.mjs";
-import { t as createAdapterFactory } from "../../adapter-factory-oT7pVV1b.mjs";
+import "../../utils-db7gNqd-.mjs";
+import "../../crypto-CFUhAR9W.mjs";
+import "../../misc-BwNc0MKr.mjs";
+import "../../json-CnHxKYpj.mjs";
+import { t as createAdapterFactory } from "../../adapter-factory-CXEYdBBi.mjs";
 import { BetterAuthError } from "@better-auth/core/error";
 
 //#region src/adapters/prisma-adapter/prisma-adapter.ts

package/dist/adapters/test.mjs

@@ -1,7 +1,6 @@
-import { t as generateId } from "../utils-DBbaShi0.mjs";
-import "../crypto-BQxYXGGX.mjs";
-import "../jwt-DzuIBp7t.mjs";
-import "../misc-D8A8FGv2.mjs";
+import { t as generateId } from "../utils-db7gNqd-.mjs";
+import "../crypto-CFUhAR9W.mjs";
+import "../misc-BwNc0MKr.mjs";
 import { beforeAll, describe, expect, test } from "vitest";
 
 //#region src/adapters/test.ts

package/dist/{admin-C0d5dk6O.mjs → admin-D-OMdNIc.mjs}

@@ -1,9 +1,9 @@
-import { l as parseUserOutput, t as mergeSchema, u as getDate } from "./schema-CSB7dlK0.mjs";
-import { t as APIError } from "./api-q2sbQ7PT.mjs";
-import { c as setSessionCookie, n as deleteSessionCookie } from "./cookies-D_dksn7B.mjs";
-import { r as getSessionFromCtx } from "./session-CgfX4vv1.mjs";
-import { t as hasPermission } from "./has-permission-DN8I_Icv.mjs";
-import { t as getEndpointResponse } from "./plugin-helper-CA_Vvnl9.mjs";
+import { l as parseUserOutput, t as mergeSchema, u as getDate } from "./schema-Bb7wzeK_.mjs";
+import { t as APIError } from "./api-CkmycQ2x.mjs";
+import { c as setSessionCookie, n as deleteSessionCookie } from "./cookies-D72PbWdz.mjs";
+import { r as getSessionFromCtx } from "./session-AaRl3_x-.mjs";
+import { t as hasPermission } from "./has-permission-qCjQqGds.mjs";
+import { t as getEndpointResponse } from "./plugin-helper-zFdFWLgL.mjs";
 import { BASE_ERROR_CODES } from "@better-auth/core/error";
 import { defineErrorCodes } from "@better-auth/core/utils";
 import * as z from "zod";

package/dist/{anonymous-B5kAEMza.mjs → anonymous-DxoIOUPc.mjs}

@@ -1,8 +1,8 @@
-import { t as generateId } from "./utils-DBbaShi0.mjs";
-import { t as mergeSchema } from "./schema-CSB7dlK0.mjs";
-import { t as APIError } from "./api-q2sbQ7PT.mjs";
-import { c as setSessionCookie, l as parseSetCookieHeader } from "./cookies-D_dksn7B.mjs";
-import { r as getSessionFromCtx } from "./session-CgfX4vv1.mjs";
+import { t as generateId } from "./utils-db7gNqd-.mjs";
+import { t as mergeSchema } from "./schema-Bb7wzeK_.mjs";
+import { t as APIError } from "./api-CkmycQ2x.mjs";
+import { c as setSessionCookie, l as parseSetCookieHeader } from "./cookies-D72PbWdz.mjs";
+import { r as getSessionFromCtx } from "./session-AaRl3_x-.mjs";
 import { defineErrorCodes } from "@better-auth/core/utils";
 import * as z from "zod";
 import { createAuthEndpoint, createAuthMiddleware } from "@better-auth/core/api";

package/dist/api/index.d.mts

@@ -1,4 +1,4 @@
-import { $ as createEmailVerificationToken, A as deleteUser, B as getSessionFromCtx, C as createAuthEndpoint, D as router, E as optionsMiddleware, F as signOut, G as revokeSessions, H as requestOnlySessionMiddleware, I as signInEmail, J as requestPasswordReset, K as sensitiveSessionMiddleware, L as signInSocial, M as setPassword, N as updateUser, O as changeEmail, P as signUpEmail, Q as error, R as freshSessionMiddleware, S as checkEndpointConflicts, T as getEndpoints, U as revokeOtherSessions, V as listSessions, W as revokeSession, X as resetPassword, Y as requestPasswordResetCallback, Z as ok, at as getAccessToken, b as AuthEndpoint, ct as refreshToken, dt as originCheckMiddleware, et as sendVerificationEmail, ft as getOAuthState, it as accountInfo, j as deleteUserCallback, k as changePassword, lt as unlinkAccount, nt as verifyEmail, ot as linkSocialAccount, pt as getIp, q as sessionMiddleware, rt as callbackOAuth, st as listUserAccounts, tt as sendVerificationEmailFn, ut as originCheck, w as createAuthMiddleware, x as AuthMiddleware, y as APIError, z as getSession } from "../index-BTk-wfTL.mjs";
+import { $ as createEmailVerificationToken, A as deleteUser, B as getSessionFromCtx, C as createAuthEndpoint, D as router, E as optionsMiddleware, F as signOut, G as revokeSessions, H as requestOnlySessionMiddleware, I as signInEmail, J as requestPasswordReset, K as sensitiveSessionMiddleware, L as signInSocial, M as setPassword, N as updateUser, O as changeEmail, P as signUpEmail, Q as error, R as freshSessionMiddleware, S as checkEndpointConflicts, T as getEndpoints, U as revokeOtherSessions, V as listSessions, W as revokeSession, X as resetPassword, Y as requestPasswordResetCallback, Z as ok, at as getAccessToken, b as AuthEndpoint, ct as refreshToken, dt as originCheckMiddleware, et as sendVerificationEmail, ft as getOAuthState, it as accountInfo, j as deleteUserCallback, k as changePassword, lt as unlinkAccount, nt as verifyEmail, ot as linkSocialAccount, pt as getIp, q as sessionMiddleware, rt as callbackOAuth, st as listUserAccounts, tt as sendVerificationEmailFn, ut as originCheck, w as createAuthMiddleware, x as AuthMiddleware, y as APIError, z as getSession } from "../index-CJ4w3OzO.mjs";
 import "../types-CEepZ-RG.mjs";
 import "../helper-DFzV6jvx.mjs";
 import "../index-D8MBzSjs.mjs";

package/dist/api/index.mjs

@@ -1,16 +1,15 @@
 import "../dialect-D9ZUZA4J.mjs";
 import "../get-model-name-D4DUV7S2.mjs";
-import "../get-migration-wMpq_Lmw.mjs";
-import { a as getOAuthState } from "../utils-DBbaShi0.mjs";
-import "../crypto-BQxYXGGX.mjs";
-import "../jwt-DzuIBp7t.mjs";
-import "../misc-D8A8FGv2.mjs";
-import "../schema-CSB7dlK0.mjs";
-import { t as getIp } from "../get-request-ip-RYTz2Uba.mjs";
-import "../json-_HMgPUVh.mjs";
-import "../url-BLNRhCPO.mjs";
-import { A as getAccessToken, C as createEmailVerificationToken, D as callbackOAuth, E as verifyEmail, L as originCheck, M as listUserAccounts, N as refreshToken, P as unlinkAccount, R as originCheckMiddleware, S as error, T as sendVerificationEmailFn, _ as signInSocial, a as getEndpoints, b as resetPassword, c as changeEmail, d as deleteUserCallback, f as setPassword, g as signInEmail, h as signOut, i as createAuthMiddleware, j as linkSocialAccount, k as accountInfo, l as changePassword, m as signUpEmail, n as checkEndpointConflicts, o as optionsMiddleware, p as updateUser, r as createAuthEndpoint, s as router, t as APIError, u as deleteUser, v as requestPasswordReset, w as sendVerificationEmail, x as ok, y as requestPasswordResetCallback } from "../api-q2sbQ7PT.mjs";
-import "../cookies-D_dksn7B.mjs";
-import { a as requestOnlySessionMiddleware, c as revokeSessions, i as listSessions, l as sensitiveSessionMiddleware, n as getSession, o as revokeOtherSessions, r as getSessionFromCtx, s as revokeSession, t as freshSessionMiddleware, u as sessionMiddleware } from "../session-CgfX4vv1.mjs";
+import "../get-migration-Bf0TuCzm.mjs";
+import { a as getOAuthState } from "../utils-db7gNqd-.mjs";
+import "../crypto-CFUhAR9W.mjs";
+import "../misc-BwNc0MKr.mjs";
+import "../schema-Bb7wzeK_.mjs";
+import { t as getIp } from "../get-request-ip-D6st-mto.mjs";
+import "../json-CnHxKYpj.mjs";
+import "../url-CB8xCwz-.mjs";
+import { A as getAccessToken, C as createEmailVerificationToken, D as callbackOAuth, E as verifyEmail, L as originCheck, M as listUserAccounts, N as refreshToken, P as unlinkAccount, R as originCheckMiddleware, S as error, T as sendVerificationEmailFn, _ as signInSocial, a as getEndpoints, b as resetPassword, c as changeEmail, d as deleteUserCallback, f as setPassword, g as signInEmail, h as signOut, i as createAuthMiddleware, j as linkSocialAccount, k as accountInfo, l as changePassword, m as signUpEmail, n as checkEndpointConflicts, o as optionsMiddleware, p as updateUser, r as createAuthEndpoint, s as router, t as APIError, u as deleteUser, v as requestPasswordReset, w as sendVerificationEmail, x as ok, y as requestPasswordResetCallback } from "../api-CkmycQ2x.mjs";
+import "../cookies-D72PbWdz.mjs";
+import { a as requestOnlySessionMiddleware, c as revokeSessions, i as listSessions, l as sensitiveSessionMiddleware, n as getSession, o as revokeOtherSessions, r as getSessionFromCtx, s as revokeSession, t as freshSessionMiddleware, u as sessionMiddleware } from "../session-AaRl3_x-.mjs";
 
 export { APIError, accountInfo, callbackOAuth, changeEmail, changePassword, checkEndpointConflicts, createAuthEndpoint, createAuthMiddleware, createEmailVerificationToken, deleteUser, deleteUserCallback, error, freshSessionMiddleware, getAccessToken, getEndpoints, getIp, getOAuthState, getSession, getSessionFromCtx, linkSocialAccount, listSessions, listUserAccounts, ok, optionsMiddleware, originCheck, originCheckMiddleware, refreshToken, requestOnlySessionMiddleware, requestPasswordReset, requestPasswordResetCallback, resetPassword, revokeOtherSessions, revokeSession, revokeSessions, router, sendVerificationEmail, sendVerificationEmailFn, sensitiveSessionMiddleware, sessionMiddleware, setPassword, signInEmail, signInSocial, signOut, signUpEmail, unlinkAccount, updateUser, verifyEmail };

package/dist/{api-q2sbQ7PT.mjs → api-CkmycQ2x.mjs}

@@ -1,12 +1,11 @@
-import { i as parseState, n as HIDE_METADATA, r as generateState, t as generateId } from "./utils-DBbaShi0.mjs";
-import { n as symmetricEncrypt, r as generateRandomString, t as symmetricDecrypt } from "./crypto-BQxYXGGX.mjs";
-import { t as signJWT } from "./jwt-DzuIBp7t.mjs";
-import { c as parseUserInput, l as parseUserOutput, u as getDate } from "./schema-CSB7dlK0.mjs";
-import { t as getIp } from "./get-request-ip-RYTz2Uba.mjs";
-import { t as safeJSONParse } from "./json-_HMgPUVh.mjs";
-import { i as getProtocol, n as getHost, r as getOrigin } from "./url-BLNRhCPO.mjs";
-import { c as setSessionCookie, n as deleteSessionCookie } from "./cookies-D_dksn7B.mjs";
-import { c as revokeSessions, i as listSessions, l as sensitiveSessionMiddleware, n as getSession, o as revokeOtherSessions, r as getSessionFromCtx, s as revokeSession, t as freshSessionMiddleware, u as sessionMiddleware } from "./session-CgfX4vv1.mjs";
+import { i as parseState, n as HIDE_METADATA, r as generateState, t as generateId } from "./utils-db7gNqd-.mjs";
+import { n as symmetricEncrypt, o as signJWT, r as generateRandomString, t as symmetricDecrypt } from "./crypto-CFUhAR9W.mjs";
+import { c as parseUserInput, l as parseUserOutput, u as getDate } from "./schema-Bb7wzeK_.mjs";
+import { t as getIp } from "./get-request-ip-D6st-mto.mjs";
+import { t as safeJSONParse } from "./json-CnHxKYpj.mjs";
+import { i as getProtocol, n as getHost, r as getOrigin } from "./url-CB8xCwz-.mjs";
+import { c as setSessionCookie, f as getAccountCookie, h as setAccountCookie, n as deleteSessionCookie } from "./cookies-D72PbWdz.mjs";
+import { c as revokeSessions, i as listSessions, l as sensitiveSessionMiddleware, n as getSession, o as revokeOtherSessions, r as getSessionFromCtx, s as revokeSession, t as freshSessionMiddleware, u as sessionMiddleware } from "./session-AaRl3_x-.mjs";
 import { hasRequestState, runWithEndpointContext, runWithRequestState, runWithTransaction } from "@better-auth/core/context";
 import { isDevelopment, isProduction, logger, shouldPublishLog } from "@better-auth/core/env";
 import { BASE_ERROR_CODES } from "@better-auth/core/error";
@@ -616,9 +615,7 @@ const getAccessToken = createAuthEndpoint("/get-access-token", {
 	let resolvedUserId = session?.user?.id || userId;
 	if (!resolvedUserId) throw ctx.error("UNAUTHORIZED");
 	if (!ctx.context.socialProviders.find((p) => p.id === providerId)) throw new APIError("BAD_REQUEST", { message: `Provider ${providerId} is not supported.` });
-	const accountDataCookieName = ctx.context.authCookies.accountData.name;
-	const accountDataCookie = await ctx.getSignedCookie(accountDataCookieName, ctx.context.secret);
-	const accountData = accountDataCookie ? safeJSONParse(accountDataCookie) : null;
+	const accountData = await getAccountCookie(ctx);
 	let account = void 0;
 	if (accountData && providerId === accountData.providerId && (!accountId || accountData.id === accountId)) account = accountData;
 	else account = (await ctx.context.internalAdapter.findAccounts(resolvedUserId)).find((acc) => accountId ? acc.id === accountId && acc.providerId === providerId : acc.providerId === providerId);
@@ -637,7 +634,7 @@ const getAccessToken = createAuthEndpoint("/get-access-token", {
 				refreshToken: await setTokenUtil(newTokens.refreshToken, ctx.context),
 				refreshTokenExpiresAt: newTokens.refreshTokenExpiresAt
 			});
-			if (ctx.context.options.account?.storeAccountCookie && updatedAccount) await ctx.setSignedCookie(accountDataCookieName, JSON.stringify(updatedAccount), ctx.context.secret, ctx.context.authCookies.accountData.options);
+			if (ctx.context.options.account?.storeAccountCookie && updatedAccount) await setAccountCookie(ctx, updatedAccount);
 		}
 		const tokens = {
 			accessToken: newTokens?.accessToken ?? await decryptOAuthToken(account.accessToken ?? "", ctx.context),
@@ -696,10 +693,8 @@ const refreshToken = createAuthEndpoint("/refresh-token", {
 	const provider = ctx.context.socialProviders.find((p) => p.id === providerId);
 	if (!provider) throw new APIError("BAD_REQUEST", { message: `Provider ${providerId} not found.` });
 	if (!provider.refreshAccessToken) throw new APIError("BAD_REQUEST", { message: `Provider ${providerId} does not support token refreshing.` });
-	const accountDataCookieName = ctx.context.authCookies.accountData.name;
-	const accountDataCookie = await ctx.getSignedCookie(accountDataCookieName, ctx.context.secret);
 	let account = void 0;
-	const accountData = accountDataCookie ? safeJSONParse(accountDataCookie) : null;
+	const accountData = await getAccountCookie(ctx);
 	if (accountData && (!providerId || providerId === accountData?.providerId)) account = accountData;
 	else account = (await ctx.context.internalAdapter.findAccounts(resolvedUserId)).find((acc) => accountId ? acc.id === accountId && acc.providerId === providerId : acc.providerId === providerId);
 	if (!account) throw new APIError("BAD_REQUEST", { message: "Account not found" });
@@ -722,18 +717,15 @@ const refreshToken = createAuthEndpoint("/refresh-token", {
 			};
 			await ctx.context.internalAdapter.updateAccount(account.id, updateData);
 		}
-		if (accountData && providerId === accountData.providerId && ctx.context.options.account?.storeAccountCookie) {
-			const updateData = {
-				...accountData,
-				accessToken: await setTokenUtil(tokens.accessToken, ctx.context),
-				refreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),
-				accessTokenExpiresAt: tokens.accessTokenExpiresAt,
-				refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
-				scope: tokens.scopes?.join(",") || accountData.scope,
-				idToken: tokens.idToken || accountData.idToken
-			};
-			await ctx.setSignedCookie(accountDataCookieName, JSON.stringify(updateData), ctx.context.secret, ctx.context.authCookies.accountData.options);
-		}
+		if (accountData && providerId === accountData.providerId && ctx.context.options.account?.storeAccountCookie) await setAccountCookie(ctx, {
+			...accountData,
+			accessToken: await setTokenUtil(tokens.accessToken, ctx.context),
+			refreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),
+			accessTokenExpiresAt: tokens.accessTokenExpiresAt,
+			refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
+			scope: tokens.scopes?.join(",") || accountData.scope,
+			idToken: tokens.idToken || accountData.idToken
+		});
 		return ctx.json({
 			accessToken: tokens.accessToken,
 			refreshToken: tokens.refreshToken,
@@ -790,12 +782,8 @@ const accountInfo = createAuthEndpoint("/account-info", {
 	let account = void 0;
 	if (!providedAccountId) {
 		if (ctx.context.options.account?.storeAccountCookie) {
-			const accountCookieName = ctx.context.authCookies.accountData.name;
-			const accountCookie = await ctx.getSignedCookie(accountCookieName, ctx.context.secret);
-			if (accountCookie) {
-				const accountData = safeJSONParse(accountCookie);
-				if (accountData) account = accountData;
-			}
+			const accountData = await getAccountCookie(ctx);
+			if (accountData) account = accountData;
 		}
 	} else {
 		const accountData = await ctx.context.internalAdapter.findAccount(providedAccountId);
@@ -872,10 +860,7 @@ async function handleOAuthUserInfo(c, { userInfo, account, callbackURL, disableS
 					refreshTokenExpiresAt: account.refreshTokenExpiresAt,
 					scope: account.scope
 				}).filter(([_, value]) => value !== void 0));
-				if (c.context.options.account?.storeAccountCookie) {
-					const accountDataCookie = c.context.authCookies.accountData;
-					await c.setSignedCookie(accountDataCookie.name, JSON.stringify(updateData), c.context.secret, accountDataCookie.options);
-				}
+				if (c.context.options.account?.storeAccountCookie) await setAccountCookie(c, updateData);
 				if (Object.keys(updateData).length > 0) await c.context.internalAdapter.updateAccount(hasBeenLinked.id, updateData);
 			}
 			if (userInfo.emailVerified && !dbUser.user.emailVerified && userInfo.email.toLowerCase() === dbUser.user.email) await c.context.internalAdapter.updateUser(dbUser.user.id, { emailVerified: true });
@@ -911,10 +896,7 @@ async function handleOAuthUserInfo(c, { userInfo, account, callbackURL, disableS
 				email: userInfo.email.toLowerCase()
 			}, accountData);
 			user = createdUser;
-			if (c.context.options.account?.storeAccountCookie) {
-				const accountDataCookie = c.context.authCookies.accountData;
-				await c.setSignedCookie(accountDataCookie.name, JSON.stringify(createdAccount), c.context.secret, accountDataCookie.options);
-			}
+			if (c.context.options.account?.storeAccountCookie) await setAccountCookie(c, createdAccount);
 			if (!userInfo.emailVerified && user && c.context.options.emailVerification?.sendOnSignUp) {
 				const token = await createEmailVerificationToken(c.context.secret, user.email, void 0, c.context.options.emailVerification?.expiresIn);
 				const url = `${c.context.baseURL}/verify-email?token=${token}&callbackURL=${callbackURL}`;
@@ -1821,13 +1803,12 @@ function redirectCallback(ctx, callbackURL, query) {
 }
 const requestPasswordReset = createAuthEndpoint("/request-password-reset", {
 	method: "POST",
-	operationId: "forgetPassword",
 	body: z.object({
 		email: z.email().meta({ description: "The email address of the user to send a password reset email to" }),
 		redirectTo: z.string().meta({ description: "The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN" }).optional()
 	}),
 	metadata: { openapi: {
-		operationId: "forgetPassword",
+		operationId: "requestPasswordReset",
 		description: "Send a password reset email to the user",
 		responses: { "200": {
 			description: "Success",
@@ -1869,11 +1850,7 @@ const requestPasswordReset = createAuthEndpoint("/request-password-reset", {
 	});
 	const callbackURL = redirectTo ? encodeURIComponent(redirectTo) : "";
 	const url = `${ctx.context.baseURL}/reset-password/${verificationToken}?callbackURL=${callbackURL}`;
-	/**
-	* We send the email in the background to prevent timing attacks.
-	* This is to ensure that the response time is consistent regardless of whether the email was sent or not.
-	*/
-	ctx.context.options.emailAndPassword.sendResetPassword({
+	await ctx.context.options.emailAndPassword.sendResetPassword({
 		user: user.user,
 		url,
 		token: verificationToken
@@ -2464,7 +2441,8 @@ const updateUser = () => createAuthEndpoint("/update-user", {
 					},
 					image: {
 						type: "string",
-						description: "The image of the user"
+						description: "The image of the user",
+						nullable: true
 					}
 				}
 			} } } },

package/dist/auth/minimal.d.mts

@@ -1,4 +1,4 @@
-import { o as Auth } from "../index-BTk-wfTL.mjs";
+import { o as Auth } from "../index-CJ4w3OzO.mjs";
 import "../types-CEepZ-RG.mjs";
 import "../helper-DFzV6jvx.mjs";
 import "../index-D8MBzSjs.mjs";

package/dist/auth/minimal.mjs

@@ -1,19 +1,18 @@
 import "../dialect-D9ZUZA4J.mjs";
 import "../get-model-name-D4DUV7S2.mjs";
-import { d as getBaseAdapter } from "../get-migration-wMpq_Lmw.mjs";
-import "../utils-DBbaShi0.mjs";
-import "../crypto-BQxYXGGX.mjs";
-import "../jwt-DzuIBp7t.mjs";
-import "../misc-D8A8FGv2.mjs";
-import "../schema-CSB7dlK0.mjs";
-import "../get-request-ip-RYTz2Uba.mjs";
-import "../json-_HMgPUVh.mjs";
-import "../url-BLNRhCPO.mjs";
-import "../api-q2sbQ7PT.mjs";
-import "../cookies-D_dksn7B.mjs";
-import "../session-CgfX4vv1.mjs";
-import { n as createAuthContext, t as createBetterAuth } from "../base-CPOjsixh.mjs";
-import "../password-DBH2q5D6.mjs";
+import { d as getBaseAdapter } from "../get-migration-Bf0TuCzm.mjs";
+import "../utils-db7gNqd-.mjs";
+import "../crypto-CFUhAR9W.mjs";
+import "../misc-BwNc0MKr.mjs";
+import "../schema-Bb7wzeK_.mjs";
+import "../get-request-ip-D6st-mto.mjs";
+import "../json-CnHxKYpj.mjs";
+import "../url-CB8xCwz-.mjs";
+import "../api-CkmycQ2x.mjs";
+import "../cookies-D72PbWdz.mjs";
+import "../session-AaRl3_x-.mjs";
+import { n as createAuthContext, t as createBetterAuth } from "../base-CiRMFqet.mjs";
+import "../password-BFQK0cLg.mjs";
 import { BetterAuthError } from "@better-auth/core/error";
 
 //#region src/context/init-minimal.ts

package/dist/{auth-DtQf_JUg.mjs → auth-DfR8_5w3.mjs}

@@ -1,6 +1,6 @@
 import { n as getKyselyDatabaseType } from "./dialect-D9ZUZA4J.mjs";
-import { t as getMigrations, u as getAdapter } from "./get-migration-wMpq_Lmw.mjs";
-import { n as createAuthContext, t as createBetterAuth } from "./base-CPOjsixh.mjs";
+import { t as getMigrations, u as getAdapter } from "./get-migration-Bf0TuCzm.mjs";
+import { n as createAuthContext, t as createBetterAuth } from "./base-CiRMFqet.mjs";
 import { BetterAuthError } from "@better-auth/core/error";
 
 //#region src/context/init.ts

package/dist/{base-CPOjsixh.mjs → base-CiRMFqet.mjs}

@@ -1,11 +1,11 @@
 import { a as getAuthTables } from "./get-model-name-D4DUV7S2.mjs";
-import { a as createInternalAdapter } from "./get-migration-wMpq_Lmw.mjs";
-import { t as generateId } from "./utils-DBbaShi0.mjs";
-import { a as verifyPassword, i as hashPassword } from "./crypto-BQxYXGGX.mjs";
-import { r as getOrigin, t as getBaseURL } from "./url-BLNRhCPO.mjs";
-import { a as getEndpoints, n as checkEndpointConflicts, s as router } from "./api-q2sbQ7PT.mjs";
-import { i as getCookies, t as createCookieGetter } from "./cookies-D_dksn7B.mjs";
-import { t as checkPassword } from "./password-DBH2q5D6.mjs";
+import { a as createInternalAdapter } from "./get-migration-Bf0TuCzm.mjs";
+import { t as generateId } from "./utils-db7gNqd-.mjs";
+import { a as verifyPassword, i as hashPassword } from "./crypto-CFUhAR9W.mjs";
+import { r as getOrigin, t as getBaseURL } from "./url-CB8xCwz-.mjs";
+import { a as getEndpoints, n as checkEndpointConflicts, s as router } from "./api-CkmycQ2x.mjs";
+import { i as getCookies, t as createCookieGetter } from "./cookies-D72PbWdz.mjs";
+import { t as checkPassword } from "./password-BFQK0cLg.mjs";
 import { runWithAdapter } from "@better-auth/core/context";
 import { createLogger, env, isProduction, isTest } from "@better-auth/core/env";
 import { BASE_ERROR_CODES, BetterAuthError } from "@better-auth/core/error";
@@ -14,7 +14,7 @@ import { createTelemetry } from "@better-auth/telemetry";
 import defu$1, { defu } from "defu";
 
 //#region src/utils/constants.ts
-const DEFAULT_SECRET = "better-auth-secret-123456789";
+const DEFAULT_SECRET = "better-auth-secret-12345678901234567890";
 
 //#endregion
 //#region src/utils/is-promise.ts
@@ -74,6 +74,29 @@ function getTrustedOrigins(options) {
 
 //#endregion
 //#region src/context/create-context.ts
+/**
+* Estimates the entropy of a string in bits.
+* This is a simple approximation that helps detect low-entropy secrets.
+*/
+function estimateEntropy(str) {
+	const unique = new Set(str).size;
+	if (unique === 0) return 0;
+	return Math.log2(Math.pow(unique, str.length));
+}
+/**
+* Validates that the secret meets minimum security requirements.
+* Throws BetterAuthError if the secret is invalid.
+* Skips validation for DEFAULT_SECRET in test environments only.
+* Only throws for DEFAULT_SECRET in production environment.
+*/
+function validateSecret(secret, logger$1) {
+	const isDefaultSecret = secret === DEFAULT_SECRET;
+	if (isTest()) return;
+	if (isDefaultSecret && isProduction) throw new BetterAuthError("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config.");
+	if (!secret) throw new BetterAuthError("BETTER_AUTH_SECRET is missing. Set it in your environment or pass `secret` to betterAuth({ secret }).");
+	if (secret.length < 32) throw new BetterAuthError(`Invalid BETTER_AUTH_SECRET: must be at least 32 characters long for adequate security. Generate one with \`npx @better-auth/cli secret\` or \`openssl rand -base64 32\`.`);
+	if (estimateEntropy(secret) < 120) logger$1.warn("[better-auth] Warning: your BETTER_AUTH_SECRET appears low-entropy. Use a randomly generated secret for production.");
+}
 async function createAuthContext(adapter, options, getDatabaseType) {
 	if (!options.database) options = defu$1(options, {
 		session: { cookieCache: {
@@ -91,9 +114,7 @@ async function createAuthContext(adapter, options, getDatabaseType) {
 	const logger$1 = createLogger(options.logger);
 	const baseURL = getBaseURL(options.baseURL, options.basePath);
 	const secret = options.secret || env.BETTER_AUTH_SECRET || env.AUTH_SECRET || DEFAULT_SECRET;
-	if (secret === DEFAULT_SECRET) {
-		if (isProduction) logger$1.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config.");
-	}
+	validateSecret(secret, logger$1);
 	options = {
 		...options,
 		secret,

package/dist/{bearer-Bb8KNDdJ.mjs → bearer-C6RSCXv_.mjs}

@@ -1,4 +1,4 @@
-import { l as parseSetCookieHeader } from "./cookies-D_dksn7B.mjs";
+import { l as parseSetCookieHeader } from "./cookies-D72PbWdz.mjs";
 import { serializeSignedCookie } from "better-call";
 import { createAuthMiddleware } from "@better-auth/core/api";
 import { createHMAC } from "@better-auth/utils/hmac";

package/dist/{captcha-Dnh5mC7N.mjs → captcha-Dbvurc2Z.mjs}

@@ -1,4 +1,4 @@
-import { t as getIp } from "./get-request-ip-RYTz2Uba.mjs";
+import { t as getIp } from "./get-request-ip-D6st-mto.mjs";
 import { defineErrorCodes } from "@better-auth/core/utils";
 import { betterFetch } from "@better-fetch/fetch";
 

package/dist/{chunk-09eW3CcW.mjs → chunk-DbI2OXuS.mjs}

@@ -10,25 +10,40 @@ var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __commonJS = (cb, mod) => function() {
 	return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
-var __export = (all) => {
+var __export = (all, symbols) => {
 	let target = {};
-	for (var name in all) __defProp(target, name, {
-		get: all[name],
-		enumerable: true
-	});
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
 	return target;
 };
 var __copyProps = (to, from, except, desc) => {
-	if (from && typeof from === "object" || typeof from === "function") for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
-		key = keys[i];
-		if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
-			get: ((k) => from[k]).bind(null, key),
-			enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-		});
+	if (from && typeof from === "object" || typeof from === "function") {
+		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+			key = keys[i];
+			if (!__hasOwnProp.call(to, key) && key !== except) {
+				__defProp(to, key, {
+					get: ((k) => from[k]).bind(null, key),
+					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+				});
+			}
+		}
 	}
 	return to;
 };
-var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __reExport = (target, mod, secondTarget, symbols) => {
+	if (symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+		secondTarget && __defProp(secondTarget, Symbol.toStringTag, { value: "Module" });
+	}
+	__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default");
+};
 var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
 	value: mod,
 	enumerable: true

package/dist/client/index.d.mts

@@ -1,4 +1,4 @@
-import { At as BroadcastMessage, Ct as OnlineManager, Dt as kFocusManager, Et as FocusManager, Mt as kBroadcastChannel, Ot as BroadcastChannel, St as OnlineListener, Tt as FocusListener, _n as InferSessionFromClient, _t as AuthClient, bn as SessionQueryParams, bt as createSessionRefreshManager, cn as BetterAuthClientPlugin, dn as ClientStore, fn as InferActions, gn as InferPluginsFromClient, gt as Primitive, hn as InferErrorCodes, ht as InferPlugin, jt as getGlobalBroadcastChannel, kt as BroadcastListener, ln as ClientAtomListener, mn as InferClientAPI, mt as InferAuth, on as AtomListener, pn as InferAdditionalFromClient, sn as BetterAuthClientOptions, un as ClientOptions, vn as InferUserFromClient, vt as createAuthClient, wt as kOnlineManager, xn as Store, xt as useAuthQuery, yn as IsSignal, yt as SessionRefreshOptions } from "../index-BTk-wfTL.mjs";
+import { At as BroadcastMessage, Ct as OnlineManager, Dt as kFocusManager, Et as FocusManager, Mt as kBroadcastChannel, Ot as BroadcastChannel, St as OnlineListener, Tt as FocusListener, _n as InferSessionFromClient, _t as AuthClient, bn as SessionQueryParams, bt as createSessionRefreshManager, cn as BetterAuthClientPlugin, dn as ClientStore, fn as InferActions, gn as InferPluginsFromClient, gt as Primitive, hn as InferErrorCodes, ht as InferPlugin, jt as getGlobalBroadcastChannel, kt as BroadcastListener, ln as ClientAtomListener, mn as InferClientAPI, mt as InferAuth, on as AtomListener, pn as InferAdditionalFromClient, sn as BetterAuthClientOptions, un as ClientOptions, vn as InferUserFromClient, vt as createAuthClient, wt as kOnlineManager, xn as Store, xt as useAuthQuery, yn as IsSignal, yt as SessionRefreshOptions } from "../index-CJ4w3OzO.mjs";
 import "../types-CEepZ-RG.mjs";
 import { a as LiteralNumber, c as OmitId, d as PrettifyDeep, g as WithoutEmpty, h as UnionToIntersection, i as HasRequiredKeys, l as PreserveJSDoc, m as StripEmptyObjects, n as DeepPartial, o as LiteralString, p as RequiredKeysOf, r as Expand, s as LiteralUnion, t as Awaitable, u as Prettify } from "../helper-DFzV6jvx.mjs";
 import { a as Role, c as Subset, i as AccessControl, n as createAccessControl, o as Statements, r as role, s as SubArray, t as AuthorizeResponse } from "../index-D8MBzSjs.mjs";

package/dist/client/index.mjs

@@ -1,7 +1,7 @@
-import "../misc-D8A8FGv2.mjs";
-import "../url-BLNRhCPO.mjs";
-import { a as kOnlineManager, c as kBroadcastChannel, i as useAuthQuery, o as kFocusManager, r as createSessionRefreshManager, s as getGlobalBroadcastChannel } from "../proxy-BM5uXHJk.mjs";
-import "../parser-kwbb5q_C.mjs";
-import { n as InferPlugin, r as createAuthClient, t as InferAuth } from "../client-BK3DQpQu.mjs";
+import "../misc-BwNc0MKr.mjs";
+import "../url-CB8xCwz-.mjs";
+import { a as kOnlineManager, c as kBroadcastChannel, i as useAuthQuery, o as kFocusManager, r as createSessionRefreshManager, s as getGlobalBroadcastChannel } from "../proxy-DplNCOES.mjs";
+import "../parser-pHp5yoAv.mjs";
+import { n as InferPlugin, r as createAuthClient, t as InferAuth } from "../client-BN9e9KX1.mjs";
 
 export { InferAuth, InferPlugin, createAuthClient, createSessionRefreshManager, getGlobalBroadcastChannel, kBroadcastChannel, kFocusManager, kOnlineManager, useAuthQuery };