npm - better-auth - Versions diffs - 1.5.1 → 1.5.2 - Mend

better-auth 1.5.1 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/dist/client/index.d.mts +2 -2
package/dist/cookies/cookie-utils.d.mts +1 -1
package/dist/cookies/cookie-utils.mjs +23 -19
package/dist/cookies/cookie-utils.mjs.map +1 -1
package/dist/integrations/next-js.mjs +1 -1
package/dist/integrations/next-js.mjs.map +1 -1
package/dist/integrations/svelte-kit.mjs +1 -1
package/dist/integrations/svelte-kit.mjs.map +1 -1
package/dist/integrations/tanstack-start-solid.mjs +1 -1
package/dist/integrations/tanstack-start-solid.mjs.map +1 -1
package/dist/integrations/tanstack-start.mjs +1 -1
package/dist/integrations/tanstack-start.mjs.map +1 -1
package/dist/plugins/access/index.d.mts +2 -2
package/dist/plugins/access/types.d.mts +2 -1
package/dist/plugins/admin/admin.d.mts +3 -3
package/dist/plugins/admin/client.d.mts +3 -3
package/dist/plugins/admin/client.mjs.map +1 -1
package/dist/plugins/admin/routes.mjs.map +1 -1
package/dist/plugins/index.d.mts +2 -2
package/dist/plugins/organization/client.d.mts +3 -3
package/dist/plugins/organization/client.mjs.map +1 -1
package/dist/plugins/organization/organization.d.mts +3 -3
package/dist/plugins/organization/organization.mjs.map +1 -1
package/package.json +8 -8

package/dist/client/index.d.mts CHANGED Viewed

@@ -7,7 +7,7 @@ import { parseJSON } from "./parser.mjs";
 import { AuthQueryAtom, useAuthQuery } from "./query.mjs";
 import { SessionRefreshOptions, createSessionRefreshManager } from "./session-refresh.mjs";
 import { AuthClient, createAuthClient } from "./vanilla.mjs";
-import { AccessControl, Role, Statements, SubArray, Subset } from "../plugins/access/types.mjs";
+import { AccessControl, ArrayElement, Role, Statements, SubArray, Subset } from "../plugins/access/types.mjs";
 import { AuthorizeResponse, createAccessControl, role } from "../plugins/access/access.mjs";
 import "../plugins/access/index.mjs";
 import { OrganizationOptions } from "../plugins/organization/types.mjs";
@@ -31,5 +31,5 @@ declare function InferAuth<O extends {
   options: BetterAuthOptions;
 }>(): O["options"];
 //#endregion
-export { AccessControl, AuthClient, AuthQueryAtom, AuthorizeResponse, BetterAuthClientOptions, BetterAuthClientPlugin, BroadcastChannel, BroadcastListener, BroadcastMessage, ClientAtomListener, ClientStore, type DBPrimitive, DefaultOrganizationPlugin, DynamicAccessControlEndpoints, type FocusListener, type FocusManager, HasRequiredKeys, InferActions, InferAdditionalFromClient, InferAuth, InferClientAPI, InferErrorCodes, InferInvitation, InferMember, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPlugin, InferSessionFromClient, InferTeam, InferUserFromClient, Invitation, InvitationInput, InvitationStatus, IsSignal, Member, MemberInput, type OnlineListener, type OnlineManager, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, Prettify, PrettifyDeep, RequiredKeysOf, Role, SessionQueryParams, SessionRefreshOptions, Statements, StripEmptyObjects, SubArray, Subset, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, type UnionToIntersection, createAccessControl, createAuthClient, createSessionRefreshManager, defaultRolesSchema, getGlobalBroadcastChannel, getOrgAdapter, hasPermission, invitationSchema, invitationStatus, kBroadcastChannel, kFocusManager, kOnlineManager, memberSchema, organization, organizationRoleSchema, organizationSchema, parseJSON, parseRoles, role, roleSchema, teamMemberSchema, teamSchema, useAuthQuery };
+export { AccessControl, ArrayElement, AuthClient, AuthQueryAtom, AuthorizeResponse, BetterAuthClientOptions, BetterAuthClientPlugin, BroadcastChannel, BroadcastListener, BroadcastMessage, ClientAtomListener, ClientStore, type DBPrimitive, DefaultOrganizationPlugin, DynamicAccessControlEndpoints, type FocusListener, type FocusManager, HasRequiredKeys, InferActions, InferAdditionalFromClient, InferAuth, InferClientAPI, InferErrorCodes, InferInvitation, InferMember, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPlugin, InferSessionFromClient, InferTeam, InferUserFromClient, Invitation, InvitationInput, InvitationStatus, IsSignal, Member, MemberInput, type OnlineListener, type OnlineManager, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, Prettify, PrettifyDeep, RequiredKeysOf, Role, SessionQueryParams, SessionRefreshOptions, Statements, StripEmptyObjects, SubArray, Subset, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, type UnionToIntersection, createAccessControl, createAuthClient, createSessionRefreshManager, defaultRolesSchema, getGlobalBroadcastChannel, getOrgAdapter, hasPermission, invitationSchema, invitationStatus, kBroadcastChannel, kFocusManager, kOnlineManager, memberSchema, organization, organizationRoleSchema, organizationSchema, parseJSON, parseRoles, role, roleSchema, teamMemberSchema, teamSchema, useAuthQuery };
 //# sourceMappingURL=index.d.mts.map

package/dist/cookies/cookie-utils.d.mts CHANGED Viewed

@@ -17,7 +17,7 @@ declare const HOST_COOKIE_PREFIX = "__Host-";
  */
 declare function stripSecureCookiePrefix(cookieName: string): string;
 /**
- * Split `Set-Cookie` header, handling commas in `Expires` dates.
+ * Split a comma-joined `Set-Cookie` header string into individual cookies.
  */
 declare function splitSetCookieHeader(setCookie: string): string[];
 declare function parseSetCookieHeader(setCookie: string): Map<string, CookieAttributes>;

package/dist/cookies/cookie-utils.mjs CHANGED Viewed

@@ -1,4 +1,11 @@
 //#region src/cookies/cookie-utils.ts
+function tryDecode(str) {
+	try {
+		return decodeURIComponent(str);
+	} catch {
+		return str;
+	}
+}
 const SECURE_COOKIE_PREFIX = "__Secure-";
 const HOST_COOKIE_PREFIX = "__Host-";
 /**
@@ -10,34 +17,31 @@ function stripSecureCookiePrefix(cookieName) {
 	return cookieName;
 }
 /**
-* Split `Set-Cookie` header, handling commas in `Expires` dates.
+* Split a comma-joined `Set-Cookie` header string into individual cookies.
 */
 function splitSetCookieHeader(setCookie) {
 	if (!setCookie) return [];
 	const result = [];
-	let current = "";
+	let start = 0;
 	let i = 0;
 	while (i < setCookie.length) {
-		const c = setCookie[i];
-		if (c === ",") {
-			const lower = current.toLowerCase();
-			if (lower.includes("expires=") && !lower.includes("gmt")) {
-				current += c;
-				i++;
-			} else {
-				const trimmed = current.trim();
-				if (trimmed) result.push(trimmed);
-				current = "";
-				i++;
-				if (i < setCookie.length && setCookie[i] === " ") i++;
+		if (setCookie[i] === ",") {
+			let j = i + 1;
+			while (j < setCookie.length && setCookie[j] === " ") j++;
+			while (j < setCookie.length && setCookie[j] !== "=" && setCookie[j] !== ";" && setCookie[j] !== ",") j++;
+			if (j < setCookie.length && setCookie[j] === "=") {
+				const part = setCookie.slice(start, i).trim();
+				if (part) result.push(part);
+				start = i + 1;
+				while (start < setCookie.length && setCookie[start] === " ") start++;
+				i = start;
+				continue;
 			}
-			continue;
 		}
-		current += c;
 		i++;
 	}
-	const trimmed = current.trim();
-	if (trimmed) result.push(trimmed);
+	const last = setCookie.slice(start).trim();
+	if (last) result.push(last);
 	return result;
 }
 function parseSetCookieHeader(setCookie) {
@@ -47,7 +51,7 @@ function parseSetCookieHeader(setCookie) {
 		const [name, ...valueParts] = (nameValue || "").split("=");
 		const value = valueParts.join("=");
 		if (!name || value === void 0) return;
-		const attrObj = { value };
+		const attrObj = { value: value.includes("%") ? tryDecode(value) : value };
 		attributes.forEach((attribute) => {
 			const [attrName, ...attrValueParts] = attribute.split("=");
 			const attrValue = attrValueParts.join("=");

package/dist/cookies/cookie-utils.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cookie-utils.mjs","names":[],"sources":["../../src/cookies/cookie-utils.ts"],"sourcesContent":["~~export~~ interface CookieAttributes {\n\tvalue: string;\n\t\"max-age\"?: number \| undefined;\n\texpires?: Date \| undefined;\n\tdomain?: string \| undefined;\n\tpath?: string \| undefined;\n\tsecure?: boolean \| undefined;\n\thttponly?: boolean \| undefined;\n\tsamesite?: (\"strict\" \| \"lax\" \| \"none\") \| undefined;\n\t[key: string]: any;\n}\n\nexport const SECURE_COOKIE_PREFIX = \"__Secure-\";\nexport const HOST_COOKIE_PREFIX = \"__Host-\";\n\n/*\n Remove __Secure- or __Host- prefix from cookie name.\n /\nexport function stripSecureCookiePrefix(cookieName: string): string {\n\tif (cookieName.startsWith(SECURE_COOKIE_PREFIX)) {\n\t\treturn cookieName.slice(SECURE_COOKIE_PREFIX.length);\n\t}\n\tif (cookieName.startsWith(HOST_COOKIE_PREFIX)) {\n\t\treturn cookieName.slice(HOST_COOKIE_PREFIX.length);\n\t}\n\treturn cookieName;\n}\n\n/\n Split `Set-Cookie` header, ~~handling~~ ~~commas~~ in ~~`Expires` dates~~.\n */\nexport function splitSetCookieHeader(setCookie: string): string[] {\n\tif (!setCookie) return [];\n\n\tconst result: string[] = [];\n\tlet ~~current~~ = ~~\"\"~~;\n\tlet i = 0;\n\n\twhile (i < setCookie.length) {\n\t\~~tconst~~ ~~c =~~ setCookie[i]~~;\n\n\t\tif~~ (c === \",\") {\n\t\t\~~tconst~~ ~~lower~~ = ~~current.toLowerCase()~~;\n\t\t\~~tif~~ (~~lower~~.~~includes(\"expires=\")~~ && ~~!lower.includes(~~\"~~gmt~~\")) {\n\t\t\t\~~tcurrent~~ += ~~c;\~~n\t\t\t\~~ti++;\~~n\t\t\t} ~~else~~ {\n\t\t\t\~~tconst~~ ~~trimmed~~ ~~= current.trim();\~~n\t\t\t~~\tif (trimmed~~) {\n\t\t\t\~~t\tresult.push(trimmed);\~~n\t\t\t\t}\n\t\t\t\~~tcurrent~~ = \"\";\n\t\t\t\~~ti++;\~~n\t\t\t\~~tif~~ (i < setCookie.length && setCookie[i] === \" \") {\n\t\t\t\t\ti~~++;\~~n\t\t\t\~~t}\~~n\t\t\t}\n\t\t~~\tcontinue;\n\t\t~~}\n\n\t\~~tcurrent += c;\n\t\~~ti++;\n\t}\n\n\tconst ~~trimmed~~ = ~~current~~.trim();\n\tif (~~trimmed~~) ~~{\n\t\tresult~~.push(~~trimmed~~);\n\~~t}\~~n\n\treturn result;\n}\n\nexport function parseSetCookieHeader(\n\tsetCookie: string,\n): Map<string, CookieAttributes> {\n\tconst cookies = new Map<string, CookieAttributes>();\n\tconst cookieArray = splitSetCookieHeader(setCookie);\n\n\tcookieArray.forEach((cookieString) => {\n\t\tconst parts = cookieString.split(\";\").map((part) => part.trim());\n\t\tconst [nameValue, ...attributes] = parts;\n\t\tconst [name, ...valueParts] = (nameValue \|\| \"\").split(\"=\");\n\n\t\tconst value = valueParts.join(\"=\");\n\n\t\tif (!name \|\| value === undefined) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst attrObj: CookieAttributes = { value };\n\n\t\tattributes.forEach((attribute) => {\n\t\t\tconst [attrName, ...attrValueParts] = attribute!.split(\"=\");\n\t\t\tconst attrValue = attrValueParts.join(\"=\");\n\n\t\t\tconst normalizedAttrName = attrName!.trim().toLowerCase();\n\n\t\t\tswitch (normalizedAttrName) {\n\t\t\t\tcase \"max-age\":\n\t\t\t\t\tattrObj[\"max-age\"] = attrValue\n\t\t\t\t\t\t? parseInt(attrValue.trim(), 10)\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"expires\":\n\t\t\t\t\tattrObj.expires = attrValue ? new Date(attrValue.trim()) : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"domain\":\n\t\t\t\t\tattrObj.domain = attrValue ? attrValue.trim() : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"path\":\n\t\t\t\t\tattrObj.path = attrValue ? attrValue.trim() : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"secure\":\n\t\t\t\t\tattrObj.secure = true;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"httponly\":\n\t\t\t\t\tattrObj.httponly = true;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"samesite\":\n\t\t\t\t\tattrObj.samesite = attrValue\n\t\t\t\t\t\t? (attrValue.trim().toLowerCase() as \"strict\" \| \"lax\" \| \"none\")\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tdefault:\n\t\t\t\t\t// Handle any other attributes\n\t\t\t\t\tattrObj[normalizedAttrName] = attrValue ? attrValue.trim() : true;\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t});\n\n\t\tcookies.set(name, attrObj);\n\t});\n\n\treturn cookies;\n}\n\nexport function setCookieToHeader(headers: Headers) {\n\treturn (context: { response: Response }) => {\n\t\tconst setCookieHeader = context.response.headers.get(\"set-cookie\");\n\t\tif (!setCookieHeader) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst cookieMap = new Map<string, string>();\n\n\t\tconst existingCookiesHeader = headers.get(\"cookie\") \|\| \"\";\n\t\texistingCookiesHeader.split(\";\").forEach((cookie) => {\n\t\t\tconst [name, ...rest] = cookie!.trim().split(\"=\");\n\t\t\tif (name && rest.length > 0) {\n\t\t\t\tcookieMap.set(name, rest.join(\"=\"));\n\t\t\t}\n\t\t});\n\n\t\tconst cookies = parseSetCookieHeader(setCookieHeader);\n\t\tcookies.forEach((value, name) => {\n\t\t\tcookieMap.set(name, value.value);\n\t\t});\n\n\t\tconst updatedCookies = Array.from(cookieMap.entries())\n\t\t\t.map(([name, value]) => `${name}=${value}`)\n\t\t\t.join(\"; \");\n\t\theaders.set(\"cookie\", updatedCookies);\n\t};\n}\n"],"mappings":";~~AAYA~~,MAAa,uBAAuB;AACpC,MAAa,qBAAqB;;;;AAKlC,SAAgB,wBAAwB,YAA4B;AACnE,KAAI,WAAW,WAAW,qBAAqB,CAC9C,QAAO,WAAW,MAAM,EAA4B;AAErD,KAAI,WAAW,WAAW,mBAAmB,CAC5C,QAAO,WAAW,MAAM,EAA0B;AAEnD,QAAO;;;;;AAMR,SAAgB,qBAAqB,WAA6B;AACjE,KAAI,CAAC,UAAW,QAAO,EAAE;CAEzB,MAAM,SAAmB,EAAE;CAC3B,IAAI,~~UAAU~~;~~CACd~~,IAAI,IAAI;AAER,QAAO,IAAI,UAAU,QAAQ;~~EAC5B~~,~~MAAM~~,~~IAAI~~,~~UAAU~~;~~AAEpB~~,~~MAAI~~,~~MAAM~~,~~KAAK~~;~~GACd~~,~~MAAM~~,~~QAAQ~~,~~QAAQ~~,~~aAAa;AACnC~~,~~OAAI~~,~~MAAM~~,~~SAAS~~,~~WAAW~~,IAAI,~~CAAC~~,~~MAAM~~,~~SAAS~~,~~MAAM~~,~~EAAE~~;~~AACzD~~,~~eAAW~~;~~AACX;UACM;IACN~~,MAAM,UAAU,~~QAAQ~~,MAAM;~~AAC9B~~,QAAI,~~QACH~~,QAAO,KAAK,~~QAAQ~~;~~AAErB~~,~~cAAU~~;~~AACV;AACA~~,~~QAAI~~,~~IAAI~~,UAAU,UAAU,UAAU,~~OAAO~~,~~IAC5C;;AAGF;;AAGD~~,~~aAAW~~;~~AACX~~;;CAGD,MAAM,UAAU,~~QAAQ~~,MAAM;~~AAC9B~~,KAAI,~~QACH~~,QAAO,KAAK,~~QAAQ~~;~~AAGrB~~,QAAO;;AAGR,SAAgB,qBACf,WACgC;CAChC,MAAM,0BAAU,IAAI,KAA+B;AAGnD,CAFoB,qBAAqB,UAAU,CAEvC,SAAS,iBAAiB;EAErC,MAAM,CAAC,WAAW,GAAG,cADP,aAAa,MAAM,IAAI,CAAC,KAAK,SAAS,KAAK,MAAM,CAAC;EAEhE,MAAM,CAAC,MAAM,GAAG,eAAe,aAAa,IAAI,MAAM,IAAI;EAE1D,MAAM,QAAQ,WAAW,KAAK,IAAI;AAElC,MAAI,CAAC,QAAQ,UAAU,OACtB;~~EAGD~~,MAAM,UAA4B,EAAE,~~OAAO~~;~~AAE3C~~,aAAW,SAAS,cAAc;GACjC,MAAM,CAAC,UAAU,GAAG,kBAAkB,UAAW,MAAM,IAAI;GAC3D,MAAM,YAAY,eAAe,KAAK,IAAI;GAE1C,MAAM,qBAAqB,SAAU,MAAM,CAAC,aAAa;AAEzD,WAAQ,oBAAR;IACC,KAAK;AACJ,aAAQ,aAAa,YAClB,SAAS,UAAU,MAAM,EAAE,GAAG,GAC9B;AACH;IACD,KAAK;AACJ,aAAQ,UAAU,YAAY,IAAI,KAAK,UAAU,MAAM,CAAC,GAAG;AAC3D;IACD,KAAK;AACJ,aAAQ,SAAS,YAAY,UAAU,MAAM,GAAG;AAChD;IACD,KAAK;AACJ,aAAQ,OAAO,YAAY,UAAU,MAAM,GAAG;AAC9C;IACD,KAAK;AACJ,aAAQ,SAAS;AACjB;IACD,KAAK;AACJ,aAAQ,WAAW;AACnB;IACD,KAAK;AACJ,aAAQ,WAAW,YACf,UAAU,MAAM,CAAC,aAAa,GAC/B;AACH;IACD;AAEC,aAAQ,sBAAsB,YAAY,UAAU,MAAM,GAAG;AAC7D;;IAED;AAEF,UAAQ,IAAI,MAAM,QAAQ;GACzB;AAEF,QAAO;;AAGR,SAAgB,kBAAkB,SAAkB;AACnD,SAAQ,YAAoC;EAC3C,MAAM,kBAAkB,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAClE,MAAI,CAAC,gBACJ;EAGD,MAAM,4BAAY,IAAI,KAAqB;AAG3C,GAD8B,QAAQ,IAAI,SAAS,IAAI,IACjC,MAAM,IAAI,CAAC,SAAS,WAAW;GACpD,MAAM,CAAC,MAAM,GAAG,QAAQ,OAAQ,MAAM,CAAC,MAAM,IAAI;AACjD,OAAI,QAAQ,KAAK,SAAS,EACzB,WAAU,IAAI,MAAM,KAAK,KAAK,IAAI,CAAC;IAEnC;AAGF,EADgB,qBAAqB,gBAAgB,CAC7C,SAAS,OAAO,SAAS;AAChC,aAAU,IAAI,MAAM,MAAM,MAAM;IAC/B;EAEF,MAAM,iBAAiB,MAAM,KAAK,UAAU,SAAS,CAAC,CACpD,KAAK,CAAC,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,CAC1C,KAAK,KAAK;AACZ,UAAQ,IAAI,UAAU,eAAe"}
1	+ {"version":3,"file":"cookie-utils.mjs","names":[],"sources":["../../src/cookies/cookie-utils.ts"],"sourcesContent":["function tryDecode(str: string): string {\n\ttry {\n\t\treturn decodeURIComponent(str);\n\t} catch {\n\t\treturn str;\n\t}\n}\n\nexport interface CookieAttributes {\n\tvalue: string;\n\t\"max-age\"?: number \| undefined;\n\texpires?: Date \| undefined;\n\tdomain?: string \| undefined;\n\tpath?: string \| undefined;\n\tsecure?: boolean \| undefined;\n\thttponly?: boolean \| undefined;\n\tsamesite?: (\"strict\" \| \"lax\" \| \"none\") \| undefined;\n\t[key: string]: any;\n}\n\nexport const SECURE_COOKIE_PREFIX = \"__Secure-\";\nexport const HOST_COOKIE_PREFIX = \"__Host-\";\n\n/*\n Remove __Secure- or __Host- prefix from cookie name.\n /\nexport function stripSecureCookiePrefix(cookieName: string): string {\n\tif (cookieName.startsWith(SECURE_COOKIE_PREFIX)) {\n\t\treturn cookieName.slice(SECURE_COOKIE_PREFIX.length);\n\t}\n\tif (cookieName.startsWith(HOST_COOKIE_PREFIX)) {\n\t\treturn cookieName.slice(HOST_COOKIE_PREFIX.length);\n\t}\n\treturn cookieName;\n}\n\n/\n Split a comma-joined `Set-Cookie` header string into individual cookies.\n */\nexport function splitSetCookieHeader(setCookie: string): string[] {\n\tif (!setCookie) return [];\n\n\tconst result: string[] = [];\n\tlet start = 0;\n\tlet i = 0;\n\n\twhile (i < setCookie.length) {\n\t\tif (setCookie[i] === \",\") {\n\t\t\tlet j = i + 1;\n\t\t\twhile (j < setCookie.length && setCookie[j] === \" \") j++;\n\t\t\twhile (\n\t\t\t\tj < setCookie.length &&\n\t\t\t\tsetCookie[j] !== \"=\" &&\n\t\t\t\tsetCookie[j] !== \";\" &&\n\t\t\t\tsetCookie[j] !== \",\"\n\t\t\t) {\n\t\t\t\tj++;\n\t\t\t}\n\n\t\t\tif (j < setCookie.length && setCookie[j] === \"=\") {\n\t\t\t\tconst part = setCookie.slice(start, i).trim();\n\t\t\t\tif (part) result.push(part);\n\t\t\t\tstart = i + 1;\n\t\t\t\twhile (start < setCookie.length && setCookie[start] === \" \") start++;\n\t\t\t\ti = start;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t}\n\n\t\ti++;\n\t}\n\n\tconst last = setCookie.slice(start).trim();\n\tif (last) result.push(last);\n\n\treturn result;\n}\n\nexport function parseSetCookieHeader(\n\tsetCookie: string,\n): Map<string, CookieAttributes> {\n\tconst cookies = new Map<string, CookieAttributes>();\n\tconst cookieArray = splitSetCookieHeader(setCookie);\n\n\tcookieArray.forEach((cookieString) => {\n\t\tconst parts = cookieString.split(\";\").map((part) => part.trim());\n\t\tconst [nameValue, ...attributes] = parts;\n\t\tconst [name, ...valueParts] = (nameValue \|\| \"\").split(\"=\");\n\n\t\tconst value = valueParts.join(\"=\");\n\n\t\tif (!name \|\| value === undefined) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst decodedValue = value.includes(\"%\") ? tryDecode(value) : value;\n\t\tconst attrObj: CookieAttributes = { value: decodedValue };\n\n\t\tattributes.forEach((attribute) => {\n\t\t\tconst [attrName, ...attrValueParts] = attribute!.split(\"=\");\n\t\t\tconst attrValue = attrValueParts.join(\"=\");\n\n\t\t\tconst normalizedAttrName = attrName!.trim().toLowerCase();\n\n\t\t\tswitch (normalizedAttrName) {\n\t\t\t\tcase \"max-age\":\n\t\t\t\t\tattrObj[\"max-age\"] = attrValue\n\t\t\t\t\t\t? parseInt(attrValue.trim(), 10)\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"expires\":\n\t\t\t\t\tattrObj.expires = attrValue ? new Date(attrValue.trim()) : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"domain\":\n\t\t\t\t\tattrObj.domain = attrValue ? attrValue.trim() : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"path\":\n\t\t\t\t\tattrObj.path = attrValue ? attrValue.trim() : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"secure\":\n\t\t\t\t\tattrObj.secure = true;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"httponly\":\n\t\t\t\t\tattrObj.httponly = true;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"samesite\":\n\t\t\t\t\tattrObj.samesite = attrValue\n\t\t\t\t\t\t? (attrValue.trim().toLowerCase() as \"strict\" \| \"lax\" \| \"none\")\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tdefault:\n\t\t\t\t\t// Handle any other attributes\n\t\t\t\t\tattrObj[normalizedAttrName] = attrValue ? attrValue.trim() : true;\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t});\n\n\t\tcookies.set(name, attrObj);\n\t});\n\n\treturn cookies;\n}\n\nexport function setCookieToHeader(headers: Headers) {\n\treturn (context: { response: Response }) => {\n\t\tconst setCookieHeader = context.response.headers.get(\"set-cookie\");\n\t\tif (!setCookieHeader) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst cookieMap = new Map<string, string>();\n\n\t\tconst existingCookiesHeader = headers.get(\"cookie\") \|\| \"\";\n\t\texistingCookiesHeader.split(\";\").forEach((cookie) => {\n\t\t\tconst [name, ...rest] = cookie!.trim().split(\"=\");\n\t\t\tif (name && rest.length > 0) {\n\t\t\t\tcookieMap.set(name, rest.join(\"=\"));\n\t\t\t}\n\t\t});\n\n\t\tconst cookies = parseSetCookieHeader(setCookieHeader);\n\t\tcookies.forEach((value, name) => {\n\t\t\tcookieMap.set(name, value.value);\n\t\t});\n\n\t\tconst updatedCookies = Array.from(cookieMap.entries())\n\t\t\t.map(([name, value]) => `${name}=${value}`)\n\t\t\t.join(\"; \");\n\t\theaders.set(\"cookie\", updatedCookies);\n\t};\n}\n"],"mappings":";AAAA,SAAS,UAAU,KAAqB;AACvC,KAAI;AACH,SAAO,mBAAmB,IAAI;SACvB;AACP,SAAO;;;AAgBT,MAAa,uBAAuB;AACpC,MAAa,qBAAqB;;;;AAKlC,SAAgB,wBAAwB,YAA4B;AACnE,KAAI,WAAW,WAAW,qBAAqB,CAC9C,QAAO,WAAW,MAAM,EAA4B;AAErD,KAAI,WAAW,WAAW,mBAAmB,CAC5C,QAAO,WAAW,MAAM,EAA0B;AAEnD,QAAO;;;;;AAMR,SAAgB,qBAAqB,WAA6B;AACjE,KAAI,CAAC,UAAW,QAAO,EAAE;CAEzB,MAAM,SAAmB,EAAE;CAC3B,IAAI,QAAQ;CACZ,IAAI,IAAI;AAER,QAAO,IAAI,UAAU,QAAQ;AAC5B,MAAI,UAAU,OAAO,KAAK;GACzB,IAAI,IAAI,IAAI;AACZ,UAAO,IAAI,UAAU,UAAU,UAAU,OAAO,IAAK;AACrD,UACC,IAAI,UAAU,UACd,UAAU,OAAO,OACjB,UAAU,OAAO,OACjB,UAAU,OAAO,IAEjB;AAGD,OAAI,IAAI,UAAU,UAAU,UAAU,OAAO,KAAK;IACjD,MAAM,OAAO,UAAU,MAAM,OAAO,EAAE,CAAC,MAAM;AAC7C,QAAI,KAAM,QAAO,KAAK,KAAK;AAC3B,YAAQ,IAAI;AACZ,WAAO,QAAQ,UAAU,UAAU,UAAU,WAAW,IAAK;AAC7D,QAAI;AACJ;;;AAIF;;CAGD,MAAM,OAAO,UAAU,MAAM,MAAM,CAAC,MAAM;AAC1C,KAAI,KAAM,QAAO,KAAK,KAAK;AAE3B,QAAO;;AAGR,SAAgB,qBACf,WACgC;CAChC,MAAM,0BAAU,IAAI,KAA+B;AAGnD,CAFoB,qBAAqB,UAAU,CAEvC,SAAS,iBAAiB;EAErC,MAAM,CAAC,WAAW,GAAG,cADP,aAAa,MAAM,IAAI,CAAC,KAAK,SAAS,KAAK,MAAM,CAAC;EAEhE,MAAM,CAAC,MAAM,GAAG,eAAe,aAAa,IAAI,MAAM,IAAI;EAE1D,MAAM,QAAQ,WAAW,KAAK,IAAI;AAElC,MAAI,CAAC,QAAQ,UAAU,OACtB;EAID,MAAM,UAA4B,EAAE,OADf,MAAM,SAAS,IAAI,GAAG,UAAU,MAAM,GAAG,OACL;AAEzD,aAAW,SAAS,cAAc;GACjC,MAAM,CAAC,UAAU,GAAG,kBAAkB,UAAW,MAAM,IAAI;GAC3D,MAAM,YAAY,eAAe,KAAK,IAAI;GAE1C,MAAM,qBAAqB,SAAU,MAAM,CAAC,aAAa;AAEzD,WAAQ,oBAAR;IACC,KAAK;AACJ,aAAQ,aAAa,YAClB,SAAS,UAAU,MAAM,EAAE,GAAG,GAC9B;AACH;IACD,KAAK;AACJ,aAAQ,UAAU,YAAY,IAAI,KAAK,UAAU,MAAM,CAAC,GAAG;AAC3D;IACD,KAAK;AACJ,aAAQ,SAAS,YAAY,UAAU,MAAM,GAAG;AAChD;IACD,KAAK;AACJ,aAAQ,OAAO,YAAY,UAAU,MAAM,GAAG;AAC9C;IACD,KAAK;AACJ,aAAQ,SAAS;AACjB;IACD,KAAK;AACJ,aAAQ,WAAW;AACnB;IACD,KAAK;AACJ,aAAQ,WAAW,YACf,UAAU,MAAM,CAAC,aAAa,GAC/B;AACH;IACD;AAEC,aAAQ,sBAAsB,YAAY,UAAU,MAAM,GAAG;AAC7D;;IAED;AAEF,UAAQ,IAAI,MAAM,QAAQ;GACzB;AAEF,QAAO;;AAGR,SAAgB,kBAAkB,SAAkB;AACnD,SAAQ,YAAoC;EAC3C,MAAM,kBAAkB,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAClE,MAAI,CAAC,gBACJ;EAGD,MAAM,4BAAY,IAAI,KAAqB;AAG3C,GAD8B,QAAQ,IAAI,SAAS,IAAI,IACjC,MAAM,IAAI,CAAC,SAAS,WAAW;GACpD,MAAM,CAAC,MAAM,GAAG,QAAQ,OAAQ,MAAM,CAAC,MAAM,IAAI;AACjD,OAAI,QAAQ,KAAK,SAAS,EACzB,WAAU,IAAI,MAAM,KAAK,KAAK,IAAI,CAAC;IAEnC;AAGF,EADgB,qBAAqB,gBAAgB,CAC7C,SAAS,OAAO,SAAS;AAChC,aAAU,IAAI,MAAM,MAAM,MAAM;IAC/B;EAEF,MAAM,iBAAiB,MAAM,KAAK,UAAU,SAAS,CAAC,CACpD,KAAK,CAAC,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,CAC1C,KAAK,KAAK;AACZ,UAAQ,IAAI,UAAU,eAAe"}

package/dist/integrations/next-js.mjs CHANGED Viewed

@@ -70,7 +70,7 @@ const nextCookies = () => {
 								path: value.path
 							};
 							try {
-								cookieHelper.set(key, decodeURIComponent(value.value), opts);
+								cookieHelper.set(key, value.value, opts);
 							} catch {}
 						});
 						return;

package/dist/integrations/next-js.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"next-js.mjs","names":[],"sources":["../../src/integrations/next-js.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { setShouldSkipSessionRefresh } from \"../api/state/should-session-refresh\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\nexport function toNextJsHandler(\n\tauth:\n\t\t\| {\n\t\t\t\thandler: (request: Request) => Promise<Response>;\n\t\t }\n\t\t\| ((request: Request) => Promise<Response>),\n) {\n\tconst handler = async (request: Request) => {\n\t\treturn \"handler\" in auth ? auth.handler(request) : auth(request);\n\t};\n\treturn {\n\t\tGET: handler,\n\t\tPOST: handler,\n\t\tPATCH: handler,\n\t\tPUT: handler,\n\t\tDELETE: handler,\n\t};\n}\n\nexport const nextCookies = () => {\n\treturn {\n\t\tid: \"next-cookies\",\n\t\thooks: {\n\t\t\tbefore: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn ctx.path === \"/get-session\";\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async () => {\n\t\t\t\t\t\t// Detect Server Component by testing if cookies can be modified.\n\t\t\t\t\t\t// In Server Components, `cookies().set()` throws an error.\n\t\t\t\t\t\t// In Server Actions or Route Handlers, it succeeds.\n\t\t\t\t\t\tlet cookieStore: Awaited<\n\t\t\t\t\t\t\tReturnType<typeof import(\"next/headers.js\").cookies>\n\t\t\t\t\t\t>;\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst { cookies } = await import(\"next/headers.js\");\n\t\t\t\t\t\t\tcookieStore = await cookies();\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t// import failed or not in request context\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tcookieStore.set(\"__better-auth-cookie-store\", \"1\", { maxAge: 0 });\n\t\t\t\t\t\t\t// If cookie was set successfully, we should clean up.\n\t\t\t\t\t\t\tcookieStore.delete(\"__better-auth-cookie-store\");\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\tawait setShouldSkipSessionRefresh(true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { cookies } = await import(\"next/headers.js\");\n\t\t\t\t\t\t\tlet cookieHelper: Awaited<ReturnType<typeof cookies>>;\n\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\tcookieHelper = await cookies();\n\t\t\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\t\t\tif (\n\t\t\t\t\t\t\t\t\terror instanceof Error &&\n\t\t\t\t\t\t\t\t\terror.message.startsWith(\n\t\t\t\t\t\t\t\t\t\t\"`cookies` was called outside a request scope.\",\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t\t// If error it means the `cookies` was called outside request scope.\n\t\t\t\t\t\t\t\t\t// NextJS docs on this: https://nextjs.org/docs/messages/next-dynamic-api-wrong-context\n\t\t\t\t\t\t\t\t\t// This often gets called in a monorepo workspace (outside of NextJS),\n\t\t\t\t\t\t\t\t\t// so we will try to catch this suppress it, and ignore using next-cookies.\n\t\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t// If it's an unexpected error, throw it.\n\t\t\t\t\t\t\t\tthrow error;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tcookieHelper.set(key, ~~decodeURIComponent(~~value.value), opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;AAKA,SAAgB,gBACf,MAKC;CACD,MAAM,UAAU,OAAO,YAAqB;AAC3C,SAAO,aAAa,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,QAAQ;;AAEjE,QAAO;EACN,KAAK;EACL,MAAM;EACN,OAAO;EACP,KAAK;EACL,QAAQ;EACR;;AAGF,MAAa,oBAAoB;AAChC,QAAO;EACN,IAAI;EACJ,OAAO;GACN,QAAQ,CACP;IACC,QAAQ,KAAK;AACZ,YAAO,IAAI,SAAS;;IAErB,SAAS,qBAAqB,YAAY;KAIzC,IAAI;AAGJ,SAAI;MACH,MAAM,EAAE,YAAY,MAAM,OAAO;AACjC,oBAAc,MAAM,SAAS;aACtB;AAEP;;AAED,SAAI;AACH,kBAAY,IAAI,8BAA8B,KAAK,EAAE,QAAQ,GAAG,CAAC;AAEjE,kBAAY,OAAO,6BAA6B;aACzC;AACP,YAAM,4BAA4B,KAAK;;MAEvC;IACF,CACD;GACD,OAAO,CACN;IACC,QAAQ,KAAK;AACZ,YAAO;;IAER,SAAS,qBAAqB,OAAO,QAAQ;KAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,SAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,SAAI,oBAAoB,SAAS;MAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,UAAI,CAAC,WAAY;MACjB,MAAM,SAAS,qBAAqB,WAAW;MAC/C,MAAM,EAAE,YAAY,MAAM,OAAO;MACjC,IAAI;AACJ,UAAI;AACH,sBAAe,MAAM,SAAS;eACtB,OAAO;AACf,WACC,iBAAiB,SACjB,MAAM,QAAQ,WACb,gDACA,CAMD;AAGD,aAAM;;AAEP,aAAO,SAAS,OAAO,QAAQ;AAC9B,WAAI,CAAC,IAAK;OACV,MAAM,OAAO;QACZ,UAAU,MAAM;QAChB,QAAQ,MAAM;QACd,QAAQ,MAAM;QACd,UAAU,MAAM;QAChB,QAAQ,MAAM;QACd,MAAM,MAAM;QACZ;AACD,WAAI;AACH,qBAAa,IAAI,KAAK,~~mBAAmB,~~MAAM,~~MAAM~~,~~EAAE,~~KAAK;~~eACrD~~;QAGP;AACF;;MAEA;IACF,CACD;GACD;EACD"}
1	+ {"version":3,"file":"next-js.mjs","names":[],"sources":["../../src/integrations/next-js.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { setShouldSkipSessionRefresh } from \"../api/state/should-session-refresh\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\nexport function toNextJsHandler(\n\tauth:\n\t\t\| {\n\t\t\t\thandler: (request: Request) => Promise<Response>;\n\t\t }\n\t\t\| ((request: Request) => Promise<Response>),\n) {\n\tconst handler = async (request: Request) => {\n\t\treturn \"handler\" in auth ? auth.handler(request) : auth(request);\n\t};\n\treturn {\n\t\tGET: handler,\n\t\tPOST: handler,\n\t\tPATCH: handler,\n\t\tPUT: handler,\n\t\tDELETE: handler,\n\t};\n}\n\nexport const nextCookies = () => {\n\treturn {\n\t\tid: \"next-cookies\",\n\t\thooks: {\n\t\t\tbefore: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn ctx.path === \"/get-session\";\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async () => {\n\t\t\t\t\t\t// Detect Server Component by testing if cookies can be modified.\n\t\t\t\t\t\t// In Server Components, `cookies().set()` throws an error.\n\t\t\t\t\t\t// In Server Actions or Route Handlers, it succeeds.\n\t\t\t\t\t\tlet cookieStore: Awaited<\n\t\t\t\t\t\t\tReturnType<typeof import(\"next/headers.js\").cookies>\n\t\t\t\t\t\t>;\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst { cookies } = await import(\"next/headers.js\");\n\t\t\t\t\t\t\tcookieStore = await cookies();\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t// import failed or not in request context\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tcookieStore.set(\"__better-auth-cookie-store\", \"1\", { maxAge: 0 });\n\t\t\t\t\t\t\t// If cookie was set successfully, we should clean up.\n\t\t\t\t\t\t\tcookieStore.delete(\"__better-auth-cookie-store\");\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\tawait setShouldSkipSessionRefresh(true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { cookies } = await import(\"next/headers.js\");\n\t\t\t\t\t\t\tlet cookieHelper: Awaited<ReturnType<typeof cookies>>;\n\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\tcookieHelper = await cookies();\n\t\t\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\t\t\tif (\n\t\t\t\t\t\t\t\t\terror instanceof Error &&\n\t\t\t\t\t\t\t\t\terror.message.startsWith(\n\t\t\t\t\t\t\t\t\t\t\"`cookies` was called outside a request scope.\",\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t\t// If error it means the `cookies` was called outside request scope.\n\t\t\t\t\t\t\t\t\t// NextJS docs on this: https://nextjs.org/docs/messages/next-dynamic-api-wrong-context\n\t\t\t\t\t\t\t\t\t// This often gets called in a monorepo workspace (outside of NextJS),\n\t\t\t\t\t\t\t\t\t// so we will try to catch this suppress it, and ignore using next-cookies.\n\t\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t// If it's an unexpected error, throw it.\n\t\t\t\t\t\t\t\tthrow error;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tcookieHelper.set(key, value.value, opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;AAKA,SAAgB,gBACf,MAKC;CACD,MAAM,UAAU,OAAO,YAAqB;AAC3C,SAAO,aAAa,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,QAAQ;;AAEjE,QAAO;EACN,KAAK;EACL,MAAM;EACN,OAAO;EACP,KAAK;EACL,QAAQ;EACR;;AAGF,MAAa,oBAAoB;AAChC,QAAO;EACN,IAAI;EACJ,OAAO;GACN,QAAQ,CACP;IACC,QAAQ,KAAK;AACZ,YAAO,IAAI,SAAS;;IAErB,SAAS,qBAAqB,YAAY;KAIzC,IAAI;AAGJ,SAAI;MACH,MAAM,EAAE,YAAY,MAAM,OAAO;AACjC,oBAAc,MAAM,SAAS;aACtB;AAEP;;AAED,SAAI;AACH,kBAAY,IAAI,8BAA8B,KAAK,EAAE,QAAQ,GAAG,CAAC;AAEjE,kBAAY,OAAO,6BAA6B;aACzC;AACP,YAAM,4BAA4B,KAAK;;MAEvC;IACF,CACD;GACD,OAAO,CACN;IACC,QAAQ,KAAK;AACZ,YAAO;;IAER,SAAS,qBAAqB,OAAO,QAAQ;KAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,SAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,SAAI,oBAAoB,SAAS;MAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,UAAI,CAAC,WAAY;MACjB,MAAM,SAAS,qBAAqB,WAAW;MAC/C,MAAM,EAAE,YAAY,MAAM,OAAO;MACjC,IAAI;AACJ,UAAI;AACH,sBAAe,MAAM,SAAS;eACtB,OAAO;AACf,WACC,iBAAiB,SACjB,MAAM,QAAQ,WACb,gDACA,CAMD;AAGD,aAAM;;AAEP,aAAO,SAAS,OAAO,QAAQ;AAC9B,WAAI,CAAC,IAAK;OACV,MAAM,OAAO;QACZ,UAAU,MAAM;QAChB,QAAQ,MAAM;QACd,QAAQ,MAAM;QACd,UAAU,MAAM;QAChB,QAAQ,MAAM;QACd,MAAM,MAAM;QACZ;AACD,WAAI;AACH,qBAAa,IAAI,KAAK,MAAM,OAAO,KAAK;eACjC;QAGP;AACF;;MAEA;IACF,CACD;GACD;EACD"}

package/dist/integrations/svelte-kit.mjs CHANGED Viewed

@@ -37,7 +37,7 @@ const sveltekitCookies = (getRequestEvent) => {
 					if (!event) return;
 					const parsed = parseSetCookieHeader(setCookies);
 					for (const [name, { value, ...ops }] of parsed) try {
-						event.cookies.set(name, decodeURIComponent(value), {
+						event.cookies.set(name, value, {
 							sameSite: ops.samesite,
 							path: ops.path || "/",
 							expires: ops.expires,

package/dist/integrations/svelte-kit.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"svelte-kit.mjs","names":[],"sources":["../../src/integrations/svelte-kit.ts"],"sourcesContent":["import { createAuthMiddleware } from \"@better-auth/core/api\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { parseSetCookieHeader } from \"../cookies\";\nimport type { BetterAuthOptions, BetterAuthPlugin } from \"../types\";\n\nexport const toSvelteKitHandler = (auth: {\n\thandler: (request: Request) => Response \| Promise<Response>;\n\toptions: BetterAuthOptions;\n}) => {\n\treturn (event: { request: Request }) => auth.handler(event.request);\n};\n\nexport const svelteKitHandler = async ({\n\tauth,\n\tevent,\n\tresolve,\n\tbuilding,\n}: {\n\tauth: {\n\t\thandler: (request: Request) => Response \| Promise<Response>;\n\t\toptions: BetterAuthOptions;\n\t};\n\tevent: RequestEvent;\n\tresolve: (event: RequestEvent) => Response \| Promise<Response>;\n\tbuilding: boolean;\n}) => {\n\tif (building) {\n\t\treturn resolve(event);\n\t}\n\tconst { request, url } = event;\n\tif (isAuthPath(url.toString(), auth.options)) {\n\t\treturn auth.handler(request);\n\t}\n\treturn resolve(event);\n};\n\nexport function isAuthPath(url: string, options: BetterAuthOptions) {\n\tconst _url = new URL(url);\n\tconst baseURLStr =\n\t\ttypeof options.baseURL === \"string\" ? options.baseURL : undefined;\n\tconst baseURL = new URL(\n\t\t`${baseURLStr \|\| _url.origin}${options.basePath \|\| \"/api/auth\"}`,\n\t);\n\tif (_url.origin !== baseURL.origin) return false;\n\tif (\n\t\t!_url.pathname.startsWith(\n\t\t\tbaseURL.pathname.endsWith(\"/\")\n\t\t\t\t? baseURL.pathname\n\t\t\t\t: `${baseURL.pathname}/`,\n\t\t)\n\t)\n\t\treturn false;\n\treturn true;\n}\n\nexport const sveltekitCookies = (\n\tgetRequestEvent: () => RequestEvent<any, any>,\n) => {\n\treturn {\n\t\tid: \"sveltekit-cookies\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher() {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst event = getRequestEvent();\n\t\t\t\t\t\t\tif (!event) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\n\t\t\t\t\t\t\tfor (const [name, { value, ...ops }] of parsed) {\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tevent.cookies.set(name, ~~decodeURIComponent(~~value), {\n\t\t\t\t\t\t\t\t\t\tsameSite: ops.samesite,\n\t\t\t\t\t\t\t\t\t\tpath: ops.path \|\| \"/\",\n\t\t\t\t\t\t\t\t\t\texpires: ops.expires,\n\t\t\t\t\t\t\t\t\t\tsecure: ops.secure,\n\t\t\t\t\t\t\t\t\t\thttpOnly: ops.httponly,\n\t\t\t\t\t\t\t\t\t\tdomain: ops.domain,\n\t\t\t\t\t\t\t\t\t\tmaxAge: ops[\"max-age\"],\n\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will avoid any issue related to already streamed response\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;AAKA,MAAa,sBAAsB,SAG7B;AACL,SAAQ,UAAgC,KAAK,QAAQ,MAAM,QAAQ;;AAGpE,MAAa,mBAAmB,OAAO,EACtC,MACA,OACA,SACA,eASK;AACL,KAAI,SACH,QAAO,QAAQ,MAAM;CAEtB,MAAM,EAAE,SAAS,QAAQ;AACzB,KAAI,WAAW,IAAI,UAAU,EAAE,KAAK,QAAQ,CAC3C,QAAO,KAAK,QAAQ,QAAQ;AAE7B,QAAO,QAAQ,MAAM;;AAGtB,SAAgB,WAAW,KAAa,SAA4B;CACnE,MAAM,OAAO,IAAI,IAAI,IAAI;CACzB,MAAM,aACL,OAAO,QAAQ,YAAY,WAAW,QAAQ,UAAU;CACzD,MAAM,UAAU,IAAI,IACnB,GAAG,cAAc,KAAK,SAAS,QAAQ,YAAY,cACnD;AACD,KAAI,KAAK,WAAW,QAAQ,OAAQ,QAAO;AAC3C,KACC,CAAC,KAAK,SAAS,WACd,QAAQ,SAAS,SAAS,IAAI,GAC3B,QAAQ,WACR,GAAG,QAAQ,SAAS,GACvB,CAED,QAAO;AACR,QAAO;;AAGR,MAAa,oBACZ,oBACI;AACJ,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,UAAU;AACT,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,QAAQ,iBAAiB;AAC/B,SAAI,CAAC,MAAO;KACZ,MAAM,SAAS,qBAAqB,WAAW;AAE/C,UAAK,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,UAAU,OACvC,KAAI;AACH,YAAM,QAAQ,IAAI,MAAM,~~mBAAmB,MAAM,EAAE~~;~~OAClD~~,UAAU,IAAI;OACd,MAAM,IAAI,QAAQ;OAClB,SAAS,IAAI;OACb,QAAQ,IAAI;OACZ,UAAU,IAAI;OACd,QAAQ,IAAI;OACZ,QAAQ,IAAI;OACZ,CAAC;aACK;;KAKT;GACF,CACD,EACD;EACD"}
1	+ {"version":3,"file":"svelte-kit.mjs","names":[],"sources":["../../src/integrations/svelte-kit.ts"],"sourcesContent":["import { createAuthMiddleware } from \"@better-auth/core/api\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { parseSetCookieHeader } from \"../cookies\";\nimport type { BetterAuthOptions, BetterAuthPlugin } from \"../types\";\n\nexport const toSvelteKitHandler = (auth: {\n\thandler: (request: Request) => Response \| Promise<Response>;\n\toptions: BetterAuthOptions;\n}) => {\n\treturn (event: { request: Request }) => auth.handler(event.request);\n};\n\nexport const svelteKitHandler = async ({\n\tauth,\n\tevent,\n\tresolve,\n\tbuilding,\n}: {\n\tauth: {\n\t\thandler: (request: Request) => Response \| Promise<Response>;\n\t\toptions: BetterAuthOptions;\n\t};\n\tevent: RequestEvent;\n\tresolve: (event: RequestEvent) => Response \| Promise<Response>;\n\tbuilding: boolean;\n}) => {\n\tif (building) {\n\t\treturn resolve(event);\n\t}\n\tconst { request, url } = event;\n\tif (isAuthPath(url.toString(), auth.options)) {\n\t\treturn auth.handler(request);\n\t}\n\treturn resolve(event);\n};\n\nexport function isAuthPath(url: string, options: BetterAuthOptions) {\n\tconst _url = new URL(url);\n\tconst baseURLStr =\n\t\ttypeof options.baseURL === \"string\" ? options.baseURL : undefined;\n\tconst baseURL = new URL(\n\t\t`${baseURLStr \|\| _url.origin}${options.basePath \|\| \"/api/auth\"}`,\n\t);\n\tif (_url.origin !== baseURL.origin) return false;\n\tif (\n\t\t!_url.pathname.startsWith(\n\t\t\tbaseURL.pathname.endsWith(\"/\")\n\t\t\t\t? baseURL.pathname\n\t\t\t\t: `${baseURL.pathname}/`,\n\t\t)\n\t)\n\t\treturn false;\n\treturn true;\n}\n\nexport const sveltekitCookies = (\n\tgetRequestEvent: () => RequestEvent<any, any>,\n) => {\n\treturn {\n\t\tid: \"sveltekit-cookies\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher() {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst event = getRequestEvent();\n\t\t\t\t\t\t\tif (!event) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\n\t\t\t\t\t\t\tfor (const [name, { value, ...ops }] of parsed) {\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tevent.cookies.set(name, value, {\n\t\t\t\t\t\t\t\t\t\tsameSite: ops.samesite,\n\t\t\t\t\t\t\t\t\t\tpath: ops.path \|\| \"/\",\n\t\t\t\t\t\t\t\t\t\texpires: ops.expires,\n\t\t\t\t\t\t\t\t\t\tsecure: ops.secure,\n\t\t\t\t\t\t\t\t\t\thttpOnly: ops.httponly,\n\t\t\t\t\t\t\t\t\t\tdomain: ops.domain,\n\t\t\t\t\t\t\t\t\t\tmaxAge: ops[\"max-age\"],\n\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will avoid any issue related to already streamed response\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;AAKA,MAAa,sBAAsB,SAG7B;AACL,SAAQ,UAAgC,KAAK,QAAQ,MAAM,QAAQ;;AAGpE,MAAa,mBAAmB,OAAO,EACtC,MACA,OACA,SACA,eASK;AACL,KAAI,SACH,QAAO,QAAQ,MAAM;CAEtB,MAAM,EAAE,SAAS,QAAQ;AACzB,KAAI,WAAW,IAAI,UAAU,EAAE,KAAK,QAAQ,CAC3C,QAAO,KAAK,QAAQ,QAAQ;AAE7B,QAAO,QAAQ,MAAM;;AAGtB,SAAgB,WAAW,KAAa,SAA4B;CACnE,MAAM,OAAO,IAAI,IAAI,IAAI;CACzB,MAAM,aACL,OAAO,QAAQ,YAAY,WAAW,QAAQ,UAAU;CACzD,MAAM,UAAU,IAAI,IACnB,GAAG,cAAc,KAAK,SAAS,QAAQ,YAAY,cACnD;AACD,KAAI,KAAK,WAAW,QAAQ,OAAQ,QAAO;AAC3C,KACC,CAAC,KAAK,SAAS,WACd,QAAQ,SAAS,SAAS,IAAI,GAC3B,QAAQ,WACR,GAAG,QAAQ,SAAS,GACvB,CAED,QAAO;AACR,QAAO;;AAGR,MAAa,oBACZ,oBACI;AACJ,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,UAAU;AACT,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,QAAQ,iBAAiB;AAC/B,SAAI,CAAC,MAAO;KACZ,MAAM,SAAS,qBAAqB,WAAW;AAE/C,UAAK,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,UAAU,OACvC,KAAI;AACH,YAAM,QAAQ,IAAI,MAAM,OAAO;OAC9B,UAAU,IAAI;OACd,MAAM,IAAI,QAAQ;OAClB,SAAS,IAAI;OACb,QAAQ,IAAI;OACZ,UAAU,IAAI;OACd,QAAQ,IAAI;OACZ,QAAQ,IAAI;OACZ,CAAC;aACK;;KAKT;GACF,CACD,EACD;EACD"}

package/dist/integrations/tanstack-start-solid.mjs CHANGED Viewed

@@ -46,7 +46,7 @@ const tanstackStartCookies = () => {
 							path: value.path
 						};
 						try {
-							setCookie(key, decodeURIComponent(value.value), opts);
+							setCookie(key, value.value, opts);
 						} catch {}
 					});
 					return;

package/dist/integrations/tanstack-start-solid.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"tanstack-start-solid.mjs","names":[],"sources":["../../src/integrations/tanstack-start-solid.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\n/*\n TanStack Start cookie plugin for Solid.js.\n \n This plugin automatically handles cookie setting for TanStack Start with Solid.js.\n * It uses `@tanstack/solid-start-server` to set cookies.\n \n For React, use `better-auth/tanstack-start` instead.\n \n @example\n * ```ts\n * import { tanstackStartCookies } from \"better-auth/tanstack-start/solid\";\n \n const auth = betterAuth({\n * plugins: [tanstackStartCookies()],\n * });\n * ```\n */\nexport const tanstackStartCookies = () => {\n\treturn {\n\t\tid: \"tanstack-start-cookies-solid\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { setCookie } = await import(\n\t\t\t\t\t\t\t\t\"@tanstack/solid-start/server\"\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tsetCookie(key, ~~decodeURIComponent(~~value.value), opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,6BAA6B;AACzC,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,QAAQ,KAAK;AACZ,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,SAAS,qBAAqB,WAAW;KAC/C,MAAM,EAAE,cAAc,MAAM,OAC3B;AAED,YAAO,SAAS,OAAO,QAAQ;AAC9B,UAAI,CAAC,IAAK;MACV,MAAM,OAAO;OACZ,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,QAAQ,MAAM;OACd,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,MAAM,MAAM;OACZ;AACD,UAAI;AACH,iBAAU,KAAK,~~mBAAmB,~~MAAM,~~MAAM~~,~~EAAE,~~KAAK;~~cAC9C~~;OAGP;AACF;;KAEA;GACF,CACD,EACD;EACD"}
1	+ {"version":3,"file":"tanstack-start-solid.mjs","names":[],"sources":["../../src/integrations/tanstack-start-solid.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\n/*\n TanStack Start cookie plugin for Solid.js.\n \n This plugin automatically handles cookie setting for TanStack Start with Solid.js.\n * It uses `@tanstack/solid-start-server` to set cookies.\n \n For React, use `better-auth/tanstack-start` instead.\n \n @example\n * ```ts\n * import { tanstackStartCookies } from \"better-auth/tanstack-start/solid\";\n \n const auth = betterAuth({\n * plugins: [tanstackStartCookies()],\n * });\n * ```\n */\nexport const tanstackStartCookies = () => {\n\treturn {\n\t\tid: \"tanstack-start-cookies-solid\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { setCookie } = await import(\n\t\t\t\t\t\t\t\t\"@tanstack/solid-start/server\"\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tsetCookie(key, value.value, opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,6BAA6B;AACzC,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,QAAQ,KAAK;AACZ,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,SAAS,qBAAqB,WAAW;KAC/C,MAAM,EAAE,cAAc,MAAM,OAC3B;AAED,YAAO,SAAS,OAAO,QAAQ;AAC9B,UAAI,CAAC,IAAK;MACV,MAAM,OAAO;OACZ,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,QAAQ,MAAM;OACd,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,MAAM,MAAM;OACZ;AACD,UAAI;AACH,iBAAU,KAAK,MAAM,OAAO,KAAK;cAC1B;OAGP;AACF;;KAEA;GACF,CACD,EACD;EACD"}

package/dist/integrations/tanstack-start.mjs CHANGED Viewed

@@ -46,7 +46,7 @@ const tanstackStartCookies = () => {
 							path: value.path
 						};
 						try {
-							setCookie(key, decodeURIComponent(value.value), opts);
+							setCookie(key, value.value, opts);
 						} catch {}
 					});
 					return;

package/dist/integrations/tanstack-start.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"tanstack-start.mjs","names":[],"sources":["../../src/integrations/tanstack-start.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\n/*\n TanStack Start cookie plugin for React.\n \n This plugin automatically handles cookie setting for TanStack Start with React.\n * It uses `@tanstack/react-start-server` to set cookies.\n \n For Solid.js, use `better-auth/tanstack-start/solid` instead.\n \n @example\n * ```ts\n * import { tanstackStartCookies } from \"better-auth/tanstack-start\";\n \n const auth = betterAuth({\n * plugins: [tanstackStartCookies()],\n * });\n * ```\n */\nexport const tanstackStartCookies = () => {\n\treturn {\n\t\tid: \"tanstack-start-cookies\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { setCookie } = await import(\n\t\t\t\t\t\t\t\t\"@tanstack/react-start/server\"\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tsetCookie(key, ~~decodeURIComponent(~~value.value), opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,6BAA6B;AACzC,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,QAAQ,KAAK;AACZ,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,SAAS,qBAAqB,WAAW;KAC/C,MAAM,EAAE,cAAc,MAAM,OAC3B;AAED,YAAO,SAAS,OAAO,QAAQ;AAC9B,UAAI,CAAC,IAAK;MACV,MAAM,OAAO;OACZ,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,QAAQ,MAAM;OACd,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,MAAM,MAAM;OACZ;AACD,UAAI;AACH,iBAAU,KAAK,~~mBAAmB,~~MAAM,~~MAAM~~,~~EAAE,~~KAAK;~~cAC9C~~;OAGP;AACF;;KAEA;GACF,CACD,EACD;EACD"}
1	+ {"version":3,"file":"tanstack-start.mjs","names":[],"sources":["../../src/integrations/tanstack-start.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\n/*\n TanStack Start cookie plugin for React.\n \n This plugin automatically handles cookie setting for TanStack Start with React.\n * It uses `@tanstack/react-start-server` to set cookies.\n \n For Solid.js, use `better-auth/tanstack-start/solid` instead.\n \n @example\n * ```ts\n * import { tanstackStartCookies } from \"better-auth/tanstack-start\";\n \n const auth = betterAuth({\n * plugins: [tanstackStartCookies()],\n * });\n * ```\n */\nexport const tanstackStartCookies = () => {\n\treturn {\n\t\tid: \"tanstack-start-cookies\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { setCookie } = await import(\n\t\t\t\t\t\t\t\t\"@tanstack/react-start/server\"\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tsetCookie(key, value.value, opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,6BAA6B;AACzC,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,QAAQ,KAAK;AACZ,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,SAAS,qBAAqB,WAAW;KAC/C,MAAM,EAAE,cAAc,MAAM,OAC3B;AAED,YAAO,SAAS,OAAO,QAAQ;AAC9B,UAAI,CAAC,IAAK;MACV,MAAM,OAAO;OACZ,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,QAAQ,MAAM;OACd,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,MAAM,MAAM;OACZ;AACD,UAAI;AACH,iBAAU,KAAK,MAAM,OAAO,KAAK;cAC1B;OAGP;AACF;;KAEA;GACF,CACD,EACD;EACD"}

package/dist/plugins/access/index.d.mts CHANGED Viewed

@@ -1,3 +1,3 @@
-import { AccessControl, Role, Statements, SubArray, Subset } from "./types.mjs";
+import { AccessControl, ArrayElement, Role, Statements, SubArray, Subset } from "./types.mjs";
 import { AuthorizeResponse, createAccessControl, role } from "./access.mjs";
-export { AccessControl, AuthorizeResponse, Role, Statements, SubArray, Subset, createAccessControl, role };
+export { AccessControl, ArrayElement, AuthorizeResponse, Role, Statements, SubArray, Subset, createAccessControl, role };

package/dist/plugins/access/types.d.mts CHANGED Viewed

@@ -2,6 +2,7 @@ import { AuthorizeResponse, createAccessControl } from "./access.mjs";
 import { LiteralString } from "@better-auth/core";
 //#region src/plugins/access/types.d.ts
+type ArrayElement<T> = T extends readonly (infer E)[] ? E : never;
 type SubArray<T extends unknown[] | readonly unknown[] | any[]> = T[number][] | ReadonlyArray<T[number]>;
 type Subset<K extends keyof R, R extends Record<string | LiteralString, readonly string[] | readonly LiteralString[]>> = { [P in K]: SubArray<R[P]> };
 type Statements = {
@@ -13,5 +14,5 @@ type Role<TStatements extends Statements = Record<string, any>> = {
   statements: TStatements;
 };
 //#endregion
-export { AccessControl, Role, Statements, SubArray, Subset };
+export { AccessControl, ArrayElement, Role, Statements, SubArray, Subset };
 //# sourceMappingURL=types.d.mts.map

package/dist/plugins/admin/admin.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AccessControl, Statements } from "../access/types.mjs";
+import { AccessControl, ArrayElement, Statements } from "../access/types.mjs";
 import { AdminOptions, InferAdminRolesFromOption, SessionWithImpersonatedBy, UserWithRole } from "./types.mjs";
 import "../index.mjs";
 import * as _better_auth_core0 from "@better-auth/core";
@@ -831,10 +831,10 @@ declare const admin: <O extends AdminOptions>(options?: O | undefined) => {
             })]?: ((O["ac"] extends AccessControl<infer S extends Statements> ? S : {
               readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
               readonly session: readonly ["list", "revoke", "delete"];
-            })[key] extends readonly unknown[] ? (O["ac"] extends AccessControl<infer S extends Statements> ? S : {
+            })[key] extends readonly unknown[] ? ArrayElement<(O["ac"] extends AccessControl<infer S extends Statements> ? S : {
               readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
               readonly session: readonly ["list", "revoke", "delete"];
-            })[key][number] : never)[] | undefined };
+            })[key]> : never)[] | undefined };
           } & {
             userId?: string | undefined;
             role?: InferAdminRolesFromOption<O> | undefined;

package/dist/plugins/admin/client.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AccessControl, Role, Statements } from "../access/types.mjs";
+import { AccessControl, ArrayElement, Role, Statements } from "../access/types.mjs";
 import "../access/index.mjs";
 import { AdminOptions, InferAdminRolesFromOption, SessionWithImpersonatedBy, UserWithRole } from "./types.mjs";
 import { admin } from "./admin.mjs";
@@ -34,10 +34,10 @@ declare const adminClient: <O extends AdminClientOptions>(options?: O | undefine
         })]?: ((O["ac"] extends AccessControl<infer S extends Statements> ? S : {
           readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
           readonly session: readonly ["list", "revoke", "delete"];
-        })[key] extends readonly unknown[] ? (O["ac"] extends AccessControl<infer S extends Statements> ? S : {
+        })[key] extends readonly unknown[] ? ArrayElement<(O["ac"] extends AccessControl<infer S extends Statements> ? S : {
           readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
           readonly session: readonly ["list", "revoke", "delete"];
-        })[key][number] : never)[] | undefined };
+        })[key]> : never)[] | undefined };
       } & {
         role: R;
       }) => boolean;

package/dist/plugins/admin/client.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/admin/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { AccessControl, Role } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { adminAc, userAc } from \"./access\";\nimport type { admin } from \"./admin\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\n\nexport * from \"./error-codes\";\n\ninterface AdminClientOptions {\n\tac?: AccessControl \| undefined;\n\troles?:\n\t\t\| {\n\t\t\t\t[key in string]: Role;\n\t\t }\n\t\t\| undefined;\n}\n\nexport const adminClient = <O extends AdminClientOptions>(\n\toptions?: O \| undefined,\n) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key]~~[number]\~~n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\tconst roles = {\n\t\tadmin: adminAc,\n\t\tuser: userAc,\n\t\t...options?.roles,\n\t};\n\n\treturn {\n\t\tid: \"admin-client\",\n\t\t$InferServerPlugin: {} as ReturnType<\n\t\t\ttypeof admin<{\n\t\t\t\tac: O[\"ac\"] extends AccessControl\n\t\t\t\t\t? O[\"ac\"]\n\t\t\t\t\t: AccessControl<DefaultStatements>;\n\t\t\t\troles: O[\"roles\"] extends Record<string, Role>\n\t\t\t\t\t? O[\"roles\"]\n\t\t\t\t\t: {\n\t\t\t\t\t\t\tadmin: Role;\n\t\t\t\t\t\t\tuser: Role;\n\t\t\t\t\t\t};\n\t\t\t}>\n\t\t>,\n\t\tgetActions: () => ({\n\t\t\tadmin: {\n\t\t\t\tcheckRolePermission: <\n\t\t\t\t\tR extends O extends { roles: any }\n\t\t\t\t\t\t? keyof O[\"roles\"]\n\t\t\t\t\t\t: \"admin\" \| \"user\",\n\t\t\t\t>(\n\t\t\t\t\tdata: PermissionExclusive & {\n\t\t\t\t\t\trole: R;\n\t\t\t\t\t},\n\t\t\t\t) => {\n\t\t\t\t\tconst isAuthorized = hasPermission({\n\t\t\t\t\t\trole: data.role as string,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tac: options?.ac,\n\t\t\t\t\t\t\troles: roles,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermissions: data.permissions as any,\n\t\t\t\t\t});\n\t\t\t\t\treturn isAuthorized;\n\t\t\t\t},\n\t\t\t},\n\t\t}),\n\t\tpathMethods: {\n\t\t\t\"/admin/list-users\": \"GET\",\n\t\t\t\"/admin/stop-impersonating\": \"POST\",\n\t\t},\n\t\t$ERROR_CODES: ADMIN_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport type * from \"./types\";\n"],"mappings":";;;;;;AAmBA,MAAa,eACZ,YACI;CAeJ,MAAM,QAAQ;EACb,OAAO;EACP,MAAM;EACN,GAAG,SAAS;EACZ;AAED,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAatB,mBAAmB,EAClB,OAAO,EACN,sBAKC,SAGI;AASJ,UARqB,cAAc;IAClC,MAAM,KAAK;IACX,SAAS;KACR,IAAI,SAAS;KACN;KACP;IACD,aAAa,KAAK;IAClB,CAAC;KAGH,EACD;EACD,aAAa;GACZ,qBAAqB;GACrB,6BAA6B;GAC7B;EACD,cAAc;EACd"}
1	+ {"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/admin/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { AccessControl, ArrayElement, Role } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { adminAc, userAc } from \"./access\";\nimport type { admin } from \"./admin\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\n\nexport * from \"./error-codes\";\n\ninterface AdminClientOptions {\n\tac?: AccessControl \| undefined;\n\troles?:\n\t\t\| {\n\t\t\t\t[key in string]: Role;\n\t\t }\n\t\t\| undefined;\n}\n\nexport const adminClient = <O extends AdminClientOptions>(\n\toptions?: O \| undefined,\n) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? ArrayElement<Statements[key]>\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\tconst roles = {\n\t\tadmin: adminAc,\n\t\tuser: userAc,\n\t\t...options?.roles,\n\t};\n\n\treturn {\n\t\tid: \"admin-client\",\n\t\t$InferServerPlugin: {} as ReturnType<\n\t\t\ttypeof admin<{\n\t\t\t\tac: O[\"ac\"] extends AccessControl\n\t\t\t\t\t? O[\"ac\"]\n\t\t\t\t\t: AccessControl<DefaultStatements>;\n\t\t\t\troles: O[\"roles\"] extends Record<string, Role>\n\t\t\t\t\t? O[\"roles\"]\n\t\t\t\t\t: {\n\t\t\t\t\t\t\tadmin: Role;\n\t\t\t\t\t\t\tuser: Role;\n\t\t\t\t\t\t};\n\t\t\t}>\n\t\t>,\n\t\tgetActions: () => ({\n\t\t\tadmin: {\n\t\t\t\tcheckRolePermission: <\n\t\t\t\t\tR extends O extends { roles: any }\n\t\t\t\t\t\t? keyof O[\"roles\"]\n\t\t\t\t\t\t: \"admin\" \| \"user\",\n\t\t\t\t>(\n\t\t\t\t\tdata: PermissionExclusive & {\n\t\t\t\t\t\trole: R;\n\t\t\t\t\t},\n\t\t\t\t) => {\n\t\t\t\t\tconst isAuthorized = hasPermission({\n\t\t\t\t\t\trole: data.role as string,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tac: options?.ac,\n\t\t\t\t\t\t\troles: roles,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermissions: data.permissions as any,\n\t\t\t\t\t});\n\t\t\t\t\treturn isAuthorized;\n\t\t\t\t},\n\t\t\t},\n\t\t}),\n\t\tpathMethods: {\n\t\t\t\"/admin/list-users\": \"GET\",\n\t\t\t\"/admin/stop-impersonating\": \"POST\",\n\t\t},\n\t\t$ERROR_CODES: ADMIN_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport type * from \"./types\";\n"],"mappings":";;;;;;AAmBA,MAAa,eACZ,YACI;CAeJ,MAAM,QAAQ;EACb,OAAO;EACP,MAAM;EACN,GAAG,SAAS;EACZ;AAED,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAatB,mBAAmB,EAClB,OAAO,EACN,sBAKC,SAGI;AASJ,UARqB,cAAc;IAClC,MAAM,KAAK;IACX,SAAS;KACR,IAAI,SAAS;KACN;KACP;IACD,aAAa,KAAK;IAClB,CAAC;KAGH,EACD;EACD,aAAa;GACZ,qBAAqB;GACrB,6BAA6B;GAC7B;EACD,cAAc;EACd"}

package/dist/plugins/admin/routes.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"routes.mjs","names":[],"sources":["../../../src/plugins/admin/routes.ts"],"sourcesContent":["import {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport type { Session } from \"@better-auth/core/db\";\nimport type { Where } from \"@better-auth/core/db/adapter\";\nimport { whereOperators } from \"@better-auth/core/db/adapter\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport {\n\tdeleteSessionCookie,\n\texpireCookie,\n\tsetSessionCookie,\n} from \"../../cookies\";\nimport { parseSessionOutput, parseUserOutput } from \"../../db/schema\";\nimport { getDate } from \"../../utils/date\";\nimport type { AccessControl } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport type {\n\tAdminOptions,\n\tInferAdminRolesFromOption,\n\tSessionWithImpersonatedBy,\n\tUserWithRole,\n} from \"./types\";\n\n/*\n Ensures a valid session, if not will throw.\n * Will also provide additional types on the user to include role types.\n /\nconst adminMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session) {\n\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t}\n\treturn {\n\t\tsession,\n\t} as {\n\t\tsession: {\n\t\t\tuser: UserWithRole;\n\t\t\tsession: Session;\n\t\t};\n\t};\n});\n\nfunction parseRoles(roles: string \| string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nconst setRoleBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role to set. `admin` or `user` by default\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles to set. `admin` or `user` by default\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"The role to set, this can be a string or an array of strings. Eg: `admin` or `[admin, user]`\",\n\t\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/set-role`\n \n ### API Methods\n \n server:\n * `auth.api.setRole`\n \n client:\n * `authClient.admin.setRole`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-role)\n /\nexport const setRole = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setRoleBodySchema,\n\t\t\trequireHeaders: true,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserRole\",\n\t\t\t\t\tsummary: \"Set the role of a user\",\n\t\t\t\t\tdescription: \"Set the role of a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User role updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\tuserId: string;\n\t\t\t\t\t\trole: InferAdminRolesFromOption<O> \| InferAdminRolesFromOption<O>[];\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetRole = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetRole) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst roles = opts.roles;\n\t\t\tif (roles) {\n\t\t\t\tconst inputRoles = Array.isArray(ctx.body.role)\n\t\t\t\t\t? ctx.body.role\n\t\t\t\t\t: [ctx.body.role];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (!roles[role as keyof typeof roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\trole: parseRoles(ctx.body.role),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst getUserQuerySchema = z.object({\n\tid: z.string().meta({\n\t\tdescription: \"The id of the User\",\n\t}),\n});\n\nexport const getUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/get-user\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tquery: getUserQuerySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"getUser\",\n\t\t\t\t\tsummary: \"Get an existing user\",\n\t\t\t\t\tdescription: \"Get an existing user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { id } = ctx.query;\n\n\t\t\tconst canGetUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"get\"],\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (!canGetUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_USER,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(id);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\treturn parseUserOutput(ctx.context.options, user) as UserWithRole;\n\t\t},\n\t);\n\nconst createUserBodySchema = z.object({\n\temail: z.string().meta({\n\t\tdescription: \"The email of the user\",\n\t}),\n\tpassword: z.string().optional().meta({\n\t\tdescription:\n\t\t\t\"The password of the user. If not provided, the user will be created without a credential account (useful for magic link or social login only users).\",\n\t}),\n\tname: z.string().meta({\n\t\tdescription: \"The name of the user\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role of the user\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles of user\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.optional()\n\t\t.meta({\n\t\t\tdescription: `A string or array of strings representing the roles to apply to the new user. Eg: \\\"user\\\"`,\n\t\t}),\n\t/\n\t extra fields for user\n\t /\n\tdata: z.record(z.string(), z.any()).optional().meta({\n\t\tdescription:\n\t\t\t\"Extra fields for the user. Including custom additional fields.\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/create-user`\n \n ### API Methods\n \n server:\n * `auth.api.createUser`\n \n client:\n * `authClient.admin.createUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-create-user)\n /\nexport const createUser = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/create-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: createUserBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"createUser\",\n\t\t\t\t\tsummary: \"Create a new user\",\n\t\t\t\t\tdescription: \"Create a new user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword?: string \| undefined;\n\t\t\t\t\t\tname: string;\n\t\t\t\t\t\trole?:\n\t\t\t\t\t\t\t\| (InferAdminRolesFromOption<O> \| InferAdminRolesFromOption<O>[])\n\t\t\t\t\t\t\t\| undefined;\n\t\t\t\t\t\tdata?: Record<string, any> \| undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<{ role: string }>(ctx);\n\t\t\tif (!session && (ctx.request \|\| ctx.headers)) {\n\t\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (session) {\n\t\t\t\tconst canCreateUser = hasPermission({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\trole: session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"create\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canCreateUser) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst email = ctx.body.email.toLowerCase();\n\t\t\tconst isValidEmail = z.email().safeParse(email);\n\t\t\tif (!isValidEmail.success) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t}\n\n\t\t\tconst existUser =\n\t\t\t\tawait ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (existUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.createUser<UserWithRole>({\n\t\t\t\temail: email,\n\t\t\t\tname: ctx.body.name,\n\t\t\t\trole:\n\t\t\t\t\t(ctx.body.role && parseRoles(ctx.body.role)) ??\n\t\t\t\t\topts?.defaultRole ??\n\t\t\t\t\t\"user\",\n\t\t\t\t...ctx.body.data,\n\t\t\t});\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\t// Only create credential account if password is provided\n\t\t\tif (ctx.body.password) {\n\t\t\t\tconst hashedPassword = await ctx.context.password.hash(\n\t\t\t\t\tctx.body.password,\n\t\t\t\t);\n\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tproviderId: \"credential\",\n\t\t\t\t\tpassword: hashedPassword,\n\t\t\t\t\tuserId: user.id,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst adminUpdateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\tdata: z.record(z.any(), z.any()).meta({\n\t\tdescription: \"The user data to update\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/update-user`\n \n ### API Methods\n \n server:\n * `auth.api.adminUpdateUser`\n \n client:\n * `authClient.admin.updateUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-update-user)\n /\nexport const adminUpdateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/update-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: adminUpdateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"updateUser\",\n\t\t\t\t\tsummary: \"Update a user\",\n\t\t\t\t\tdescription: \"Update a user's details\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canUpdateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"update\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canUpdateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (Object.keys(ctx.body.data).length === 0) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ADMIN_ERROR_CODES.NO_DATA_TO_UPDATE);\n\t\t\t}\n\n\t\t\t// Role changes must be guarded by `user:set-role` and validated against the role allow-list.\n\t\t\tif (Object.prototype.hasOwnProperty.call(ctx.body.data, \"role\")) {\n\t\t\t\tconst canSetRole = hasPermission({\n\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canSetRole) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst roleValue = (ctx.body.data as Record<string, any>).role;\n\t\t\t\tconst inputRoles = Array.isArray(roleValue) ? roleValue : [roleValue];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (typeof role !== \"string\") {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.INVALID_ROLE_TYPE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tif (opts.roles && !opts.roles[role as keyof typeof opts.roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t(ctx.body.data as Record<string, any>).role = parseRoles(\n\t\t\t\t\tinputRoles as string[],\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\tctx.body.data,\n\t\t\t);\n\n\t\t\treturn ctx.json(\n\t\t\t\tparseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t);\n\t\t},\n\t);\n\nconst listUsersQuerySchema = z.object({\n\tsearchValue: z.string().optional().meta({\n\t\tdescription: 'The value to search for. Eg: \"some name\"',\n\t}),\n\tsearchField: z\n\t\t.enum([\"email\", \"name\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The field to search in, defaults to email. Can be `email` or `name`. Eg: \"name\"',\n\t\t})\n\t\t.optional(),\n\tsearchOperator: z\n\t\t.enum([\"contains\", \"starts_with\", \"ends_with\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The operator to use for the search. Can be `contains`, `starts_with` or `ends_with`. Eg: \"contains\"',\n\t\t})\n\t\t.optional(),\n\tlimit: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The number of users to return\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\toffset: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The offset to start from\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\tsortBy: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to sort by\",\n\t\t})\n\t\t.optional(),\n\tsortDirection: z\n\t\t.enum([\"asc\", \"desc\"])\n\t\t.meta({\n\t\t\tdescription: \"The direction to sort by\",\n\t\t})\n\t\t.optional(),\n\tfilterField: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to filter by\",\n\t\t})\n\t\t.optional(),\n\tfilterValue: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The value to filter by\",\n\t\t})\n\t\t.or(z.number())\n\t\t.or(z.boolean())\n\t\t.or(z.array(z.string()))\n\t\t.or(z.array(z.number()))\n\t\t.optional(),\n\tfilterOperator: z\n\t\t.enum(whereOperators)\n\t\t.meta({\n\t\t\tdescription: \"The operator to use for the filter\",\n\t\t})\n\t\t.optional(),\n});\n\nexport const listUsers = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-users\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tquery: listUsersQuerySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUsers\",\n\t\t\t\t\tsummary: \"List users\",\n\t\t\t\t\tdescription: \"List users\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of users\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tusers: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\ttotal: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tlimit: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\toffset: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"users\", \"total\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListUsers = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListUsers) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst where: Where[] = [];\n\n\t\t\tif (ctx.query?.searchValue) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.searchField \|\| \"email\",\n\t\t\t\t\toperator: ctx.query.searchOperator \|\| \"contains\",\n\t\t\t\t\tvalue: ctx.query.searchValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (ctx.query?.filterValue !== undefined) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.filterField \|\| \"email\",\n\t\t\t\t\toperator: ctx.query.filterOperator \|\| \"eq\",\n\t\t\t\t\tvalue: ctx.query.filterValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst users = await ctx.context.internalAdapter.listUsers(\n\t\t\t\t\tNumber(ctx.query?.limit) \|\| undefined,\n\t\t\t\t\tNumber(ctx.query?.offset) \|\| undefined,\n\t\t\t\t\tctx.query?.sortBy\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tfield: ctx.query.sortBy,\n\t\t\t\t\t\t\t\tdirection: ctx.query.sortDirection \|\| \"asc\",\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: undefined,\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\tconst total = await ctx.context.internalAdapter.countTotalUsers(\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: users.map((user) =>\n\t\t\t\t\t\tparseUserOutput(ctx.context.options, user),\n\t\t\t\t\t) as UserWithRole[],\n\t\t\t\t\ttotal: total,\n\t\t\t\t\tlimit: Number(ctx.query?.limit) \|\| undefined,\n\t\t\t\t\toffset: Number(ctx.query?.offset) \|\| undefined,\n\t\t\t\t});\n\t\t\t} catch {\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: [] as UserWithRole[],\n\t\t\t\t\ttotal: 0,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t);\n\nconst listUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/list-user-sessions`\n \n ### API Methods\n \n server:\n * `auth.api.listUserSessions`\n \n client:\n * `authClient.admin.listUserSessions`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-list-user-sessions)\n /\nexport const listUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tbody: listUserSessionsBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUserSessions\",\n\t\t\t\t\tsummary: \"List user sessions\",\n\t\t\t\t\tdescription: \"List user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of user sessions\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsessions: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListSessions = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListSessions) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst sessions: SessionWithImpersonatedBy[] =\n\t\t\t\tawait ctx.context.internalAdapter.listSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsessions: sessions.map((s) =>\n\t\t\t\t\tparseSessionOutput(ctx.context.options, s),\n\t\t\t\t),\n\t\t\t});\n\t\t},\n\t);\n\nconst unbanUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/unban-user`\n \n ### API Methods\n \n server:\n * `auth.api.unbanUser`\n \n client:\n * `authClient.admin.unbanUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-unban-user)\n /\nexport const unbanUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/unban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: unbanUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"unbanUser\",\n\t\t\t\t\tsummary: \"Unban a user\",\n\t\t\t\t\tdescription: \"Unban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User unbanned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: false,\n\t\t\t\t\tbanExpires: null,\n\t\t\t\t\tbanReason: null,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst banUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\t/\n\t Reason for the ban\n\t /\n\tbanReason: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The reason for the ban\",\n\t\t})\n\t\t.optional(),\n\t/\n\t Number of seconds until the ban expires\n\t /\n\tbanExpiresIn: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The number of seconds until the ban expires\",\n\t\t})\n\t\t.optional(),\n});\n\n/\n ### Endpoint\n \n POST `/admin/ban-user`\n \n ### API Methods\n \n server:\n * `auth.api.banUser`\n \n client:\n * `authClient.admin.banUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-ban-user)\n /\nexport const banUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/ban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: banUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"banUser\",\n\t\t\t\t\tsummary: \"Ban a user\",\n\t\t\t\t\tdescription: \"Ban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User banned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst foundUser = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!foundUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_BAN_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: true,\n\t\t\t\t\tbanReason:\n\t\t\t\t\t\tctx.body.banReason \|\| opts?.defaultBanReason \|\| \"No reason\",\n\t\t\t\t\tbanExpires: ctx.body.banExpiresIn\n\t\t\t\t\t\t? getDate(ctx.body.banExpiresIn, \"sec\")\n\t\t\t\t\t\t: opts?.defaultBanExpiresIn\n\t\t\t\t\t\t\t? getDate(opts.defaultBanExpiresIn, \"sec\")\n\t\t\t\t\t\t\t: undefined,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\t//revoke all sessions\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst impersonateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/\n ### Endpoint\n \n POST `/admin/impersonate-user`\n \n ### API Methods\n \n server:\n * `auth.api.impersonateUser`\n \n client:\n * `authClient.admin.impersonateUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-impersonate-user)\n /\nexport const impersonateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/impersonate-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: impersonateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"impersonateUser\",\n\t\t\t\t\tsummary: \"Impersonate a user\",\n\t\t\t\t\tdescription: \"Impersonate a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Impersonation session created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canImpersonateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"impersonate\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canImpersonateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst targetUser = (await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t)) as UserWithRole \| null;\n\n\t\t\tif (!targetUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tconst adminRoles = (\n\t\t\t\tArray.isArray(opts.adminRoles)\n\t\t\t\t\t? opts.adminRoles\n\t\t\t\t\t: opts.adminRoles?.split(\",\") \|\| []\n\t\t\t).map((role) => role.trim());\n\t\t\tconst targetUserRole = (\n\t\t\t\ttargetUser.role \|\|\n\t\t\t\topts.defaultRole \|\|\n\t\t\t\t\"user\"\n\t\t\t).split(\",\");\n\t\t\tconst isTargetAdmin =\n\t\t\t\ttargetUserRole.some((role) => adminRoles.includes(role)) \|\|\n\t\t\t\t!!opts.adminUserIds?.includes(targetUser.id);\n\t\t\tif (isTargetAdmin) {\n\t\t\t\tconst canImpersonateAdmins =\n\t\t\t\t\topts.allowImpersonatingAdmins === true \|\|\n\t\t\t\t\thasPermission({\n\t\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\t\toptions: opts,\n\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\tuser: [\"impersonate-admins\"],\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\tif (!canImpersonateAdmins) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_IMPERSONATE_ADMINS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\ttargetUser.id,\n\t\t\t\ttrue,\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: ctx.context.session.user.id,\n\t\t\t\t\texpiresAt: opts?.impersonationSessionDuration\n\t\t\t\t\t\t? getDate(opts.impersonationSessionDuration, \"sec\")\n\t\t\t\t\t\t: getDate(60 60, \"sec\"), // 1 hour\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authCookies = ctx.context.authCookies;\n\t\t\tdeleteSessionCookie(ctx);\n\t\t\tconst dontRememberMeCookie = await ctx.getSignedCookie(\n\t\t\t\tctx.context.authCookies.dontRememberToken.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\t\t\tconst adminCookieProp = ctx.context.createAuthCookie(\"admin_session\");\n\t\t\tawait ctx.setSignedCookie(\n\t\t\t\tadminCookieProp.name,\n\t\t\t\t`${ctx.context.session.session.token}:${dontRememberMeCookie \|\| \"\"}`,\n\t\t\t\tctx.context.secret,\n\t\t\t\tauthCookies.sessionToken.attributes,\n\t\t\t);\n\t\t\tawait setSessionCookie(\n\t\t\t\tctx,\n\t\t\t\t{\n\t\t\t\t\tsession: session,\n\t\t\t\t\tuser: targetUser,\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: session,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, targetUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\n/*\n ### Endpoint\n \n POST `/admin/stop-impersonating`\n \n ### API Methods\n \n server:\n * `auth.api.stopImpersonating`\n \n client:\n * `authClient.admin.stopImpersonating`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-stop-impersonating)\n /\nexport const stopImpersonating = () =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/stop-impersonating\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<\n\t\t\t\t{},\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: string;\n\t\t\t\t}\n\t\t\t>(ctx);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session.session.impersonatedBy) {\n\t\t\t\tthrow APIError.fromStatus(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"You are not impersonating anyone\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tsession.session.impersonatedBy,\n\t\t\t);\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find user\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst adminSessionCookie = ctx.context.createAuthCookie(\"admin_session\");\n\n\t\t\tconst adminCookie = await ctx.getSignedCookie(\n\t\t\t\tadminSessionCookie.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\n\t\t\tif (!adminCookie) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst [adminSessionToken, dontRememberMeCookie] = adminCookie?.split(\":\");\n\t\t\tconst adminSession = await ctx.context.internalAdapter.findSession(\n\t\t\t\tadminSessionToken!,\n\t\t\t);\n\t\t\tif (!adminSession \|\| adminSession.session.userId !== user.id) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait ctx.context.internalAdapter.deleteSession(session.session.token);\n\t\t\tawait setSessionCookie(ctx, adminSession, !!dontRememberMeCookie);\n\t\t\texpireCookie(ctx, adminSessionCookie);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: parseSessionOutput(ctx.context.options, adminSession.session),\n\t\t\t\tuser: parseUserOutput(ctx.context.options, adminSession.user),\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionBodySchema = z.object({\n\tsessionToken: z.string().meta({\n\t\tdescription: \"The session token\",\n\t}),\n});\n/\n ### Endpoint\n \n POST `/admin/revoke-user-session`\n \n ### API Methods\n \n server:\n * `auth.api.revokeUserSession`\n \n client:\n * `authClient.admin.revokeUserSession`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-session)\n /\nexport const revokeUserSession = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-session\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSession\",\n\t\t\t\t\tsummary: \"Revoke a user session\",\n\t\t\t\t\tdescription: \"Revoke a user session\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Session revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSession(ctx.body.sessionToken);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/\n ### Endpoint\n \n POST `/admin/revoke-user-sessions`\n \n ### API Methods\n \n server:\n * `auth.api.revokeUserSessions`\n \n client:\n * `authClient.admin.revokeUserSessions`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-sessions)\n /\nexport const revokeUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionsBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSessions\",\n\t\t\t\t\tsummary: \"Revoke all user sessions\",\n\t\t\t\t\tdescription: \"Revoke all user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Sessions revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst removeUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/remove-user`\n \n ### API Methods\n \n server:\n * `auth.api.removeUser`\n \n client:\n * `authClient.admin.removeUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-remove-user)\n /\nexport const removeUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/remove-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: removeUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"removeUser\",\n\t\t\t\t\tsummary: \"Remove a user\",\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Delete a user and all their sessions and accounts. Cannot be undone.\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User removed\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canDeleteUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"delete\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canDeleteUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_REMOVE_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteUser(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst setUserPasswordBodySchema = z.object({\n\tnewPassword: z.string().nonempty(\"newPassword cannot be empty\").meta({\n\t\tdescription: \"The new password\",\n\t}),\n\tuserId: z.coerce.string().nonempty(\"userId cannot be empty\").meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/set-user-password`\n \n ### API Methods\n \n server:\n * `auth.api.setUserPassword`\n \n client:\n * `authClient.admin.setUserPassword`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-user-password)\n /\nexport const setUserPassword = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-user-password\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setUserPasswordBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserPassword\",\n\t\t\t\t\tsummary: \"Set a user's password\",\n\t\t\t\t\tdescription: \"Set a user's password\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Password set\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetUserPassword = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-password\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetUserPassword) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { newPassword, userId } = ctx.body;\n\t\t\tconst minPasswordLength = ctx.context.password.config.minPasswordLength;\n\t\t\tif (newPassword.length < minPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);\n\t\t\t}\n\t\t\tconst maxPasswordLength = ctx.context.password.config.maxPasswordLength;\n\t\t\tif (newPassword.length > maxPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too long\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_LONG);\n\t\t\t}\n\t\t\tconst hashedPassword = await ctx.context.password.hash(newPassword);\n\t\t\tawait ctx.context.internalAdapter.updatePassword(userId, hashedPassword);\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst userHasPermissionBodySchema = z\n\t.object({\n\t\tuserId: z.coerce.string().optional().meta({\n\t\t\tdescription: `The user id. Eg: \"user-id\"`,\n\t\t}),\n\t\trole: z.string().optional().meta({\n\t\t\tdescription: `The role to check permission for. Eg: \"admin\"`,\n\t\t}),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\n/\n ### Endpoint\n \n POST `/admin/has-permission`\n \n ### API Methods\n \n server:\n * `auth.api.userHasPermission`\n \n client:\n * `authClient.admin.hasPermission`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-has-permission)\n */\nexport const userHasPermission = <O extends AdminOptions>(opts: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key][number]\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\treturn createAuthEndpoint(\n\t\t\"/admin/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: userHasPermissionBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\tuserId?: string \| undefined;\n\t\t\t\t\t\trole?: InferAdminRolesFromOption<O> \| undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!ctx.body?.permissions) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"invalid permission check. no permission(s) were passed.\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst session = await getSessionFromCtx(ctx);\n\n\t\t\tif (!session && (ctx.request \|\| ctx.headers)) {\n\t\t\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session && !ctx.body.userId && !ctx.body.role) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user id or role is required\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user =\n\t\t\t\tsession?.user \|\|\n\t\t\t\t(ctx.body.role\n\t\t\t\t\t? { id: ctx.body.userId \|\| \"\", role: ctx.body.role }\n\t\t\t\t\t: null) \|\|\n\t\t\t\t(ctx.body.userId\n\t\t\t\t\t? ((await ctx.context.internalAdapter.findUserById(\n\t\t\t\t\t\t\tctx.body.userId as string,\n\t\t\t\t\t\t)) as { role?: string \| undefined; id: string })\n\t\t\t\t\t: null);\n\t\t\tif (!user) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user not found\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst result = hasPermission({\n\t\t\t\tuserId: user.id,\n\t\t\t\trole: user.role,\n\t\t\t\toptions: opts as AdminOptions,\n\t\t\t\tpermissions: ctx.body.permissions as any,\n\t\t\t});\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAgCA,MAAM,kBAAkB,qBAAqB,OAAO,QAAQ;CAC3D,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,QAAO,EACN,SACA;EAMA;AAEF,SAAS,WAAW,OAAkC;AACrD,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAGjD,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,iDACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,kDACb,CAAC,CACF,CACD,CAAC,CACD,KAAK,EACL,aACC,gGACD,CAAC;CACH,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAmC,SAC/C,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,gBAAgB;CAChB,KAAK,CAAC,gBAAgB;CACtB,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EAIR;EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAEF,MAAM,QAAQ,KAAK;AACnB,KAAI,OAAO;EACV,MAAM,aAAa,MAAM,QAAQ,IAAI,KAAK,KAAK,GAC5C,IAAI,KAAK,OACT,CAAC,IAAI,KAAK,KAAK;AAClB,OAAK,MAAM,QAAQ,WAClB,KAAI,CAAC,MAAM,MACV,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;CAIJ,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,EACC,MAAM,WAAW,IAAI,KAAK,KAAK,EAC/B,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY,EACvD,CAAC;EAEH;AAEF,MAAM,qBAAqB,EAAE,OAAO,EACnC,IAAI,EAAE,QAAQ,CAAC,KAAK,EACnB,aAAa,sBACb,CAAC,EACF,CAAC;AAEF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,OAAO;CACP,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,OAAO,IAAI;AAWnB,KAAI,CATe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAGD,OAAM,SAAS,KACd,aACA,kBAAkB,gCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAAa,GAAG;AAE/D,KAAI,CAAC,KACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,QAAO,gBAAgB,IAAI,QAAQ,SAAS,KAAK;EAElD;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,yBACb,CAAC;CACF,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aACC,wJACD,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,wBACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,wBACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,qBACb,CAAC,CACF,CACD,CAAC,CACD,UAAU,CACV,KAAK,EACL,aAAa,8FACb,CAAC;CAIH,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU,CAAC,KAAK,EACnD,aACC,kEACD,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAsC,SAClD,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EASR;EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAAoC,IAAI;AAC9D,KAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,MAAM,eAAe;AAEhC,KAAI,SASH;MAAI,CARkB,cAAc;GACnC,QAAQ,QAAQ,KAAK;GACrB,MAAM,QAAQ,KAAK;GACnB,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;;CAIH,MAAM,QAAQ,IAAI,KAAK,MAAM,aAAa;AAE1C,KAAI,CADiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAC7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;AAKnE,KADC,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,MAAM,CAExD,OAAM,SAAS,KACd,eACA,kBAAkB,sCAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAAyB;EAChE;EACP,MAAM,IAAI,KAAK;EACf,OACE,IAAI,KAAK,QAAQ,WAAW,IAAI,KAAK,KAAK,KAC3C,MAAM,eACN;EACD,GAAG,IAAI,KAAK;EACZ,CAAC;AAEF,KAAI,CAAC,KACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;AAGF,KAAI,IAAI,KAAK,UAAU;EACtB,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KACjD,IAAI,KAAK,SACT;AACD,QAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,WAAW,KAAK;GAChB,YAAY;GACZ,UAAU;GACV,QAAQ,KAAK;GACb,CAAC;;AAEH,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC,KAAK,EACrC,aAAa,2BACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,OAAO,KAAK,IAAI,KAAK,KAAK,CAAC,WAAW,EACzC,OAAM,SAAS,KAAK,eAAe,kBAAkB,kBAAkB;AAIxE,KAAI,OAAO,UAAU,eAAe,KAAK,IAAI,KAAK,MAAM,OAAO,EAAE;AAShE,MAAI,CARe,cAAc;GAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;EAGF,MAAM,YAAa,IAAI,KAAK,KAA6B;EACzD,MAAM,aAAa,MAAM,QAAQ,UAAU,GAAG,YAAY,CAAC,UAAU;AACrE,OAAK,MAAM,QAAQ,YAAY;AAC9B,OAAI,OAAO,SAAS,SACnB,OAAM,SAAS,KACd,eACA,kBAAkB,kBAClB;AAEF,OAAI,KAAK,SAAS,CAAC,KAAK,MAAM,MAC7B,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;AAGH,EAAC,IAAI,KAAK,KAA6B,OAAO,WAC7C,WACA;;CAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,IAAI,KAAK,KACT;AAED,QAAO,IAAI,KACV,gBAAgB,IAAI,QAAQ,SAAS,YAAY,CACjD;EAEF;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,aAAa,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACvC,aAAa,8CACb,CAAC;CACF,aAAa,EACX,KAAK,CAAC,SAAS,OAAO,CAAC,CACvB,KAAK,EACL,aACC,qFACD,CAAC,CACD,UAAU;CACZ,gBAAgB,EACd,KAAK;EAAC;EAAY;EAAe;EAAY,CAAC,CAC9C,KAAK,EACL,aACC,yGACD,CAAC,CACD,UAAU;CACZ,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,iCACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,4BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,wBACb,CAAC,CACD,UAAU;CACZ,eAAe,EACb,KAAK,CAAC,OAAO,OAAO,CAAC,CACrB,KAAK,EACL,aAAa,4BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,GAAG,EAAE,SAAS,CAAC,CACf,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,UAAU;CACZ,gBAAgB,EACd,KAAK,eAAe,CACpB,KAAK,EACL,aAAa,sCACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,OAAO;CACP,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,OAAO;MACN,MAAM;MACN,OAAO,EACN,MAAM,6BACN;MACD;KACD,OAAO,EACN,MAAM,UACN;KACD,OAAO,EACN,MAAM,UACN;KACD,QAAQ,EACP,MAAM,UACN;KACD;IACD,UAAU,CAAC,SAAS,QAAQ;IAC5B,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARiB,cAAc;EAClC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,OAAO,EACd;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,kCAClB;CAGF,MAAM,QAAiB,EAAE;AAEzB,KAAI,IAAI,OAAO,YACd,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI,IAAI,OAAO,gBAAgB,OAC9B,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI;EACH,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,UAC/C,OAAO,IAAI,OAAO,MAAM,IAAI,QAC5B,OAAO,IAAI,OAAO,OAAO,IAAI,QAC7B,IAAI,OAAO,SACR;GACA,OAAO,IAAI,MAAM;GACjB,WAAW,IAAI,MAAM,iBAAiB;GACtC,GACA,QACH,MAAM,SAAS,QAAQ,OACvB;EACD,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,gBAC/C,MAAM,SAAS,QAAQ,OACvB;AACD,SAAO,IAAI,KAAK;GACf,OAAO,MAAM,KAAK,SACjB,gBAAgB,IAAI,QAAQ,SAAS,KAAK,CAC1C;GACM;GACP,OAAO,OAAO,IAAI,OAAO,MAAM,IAAI;GACnC,QAAQ,OAAO,IAAI,OAAO,OAAO,IAAI;GACrC,CAAC;SACK;AACP,SAAO,IAAI,KAAK;GACf,OAAO,EAAE;GACT,OAAO;GACP,CAAC;;EAGJ;AAEF,MAAM,6BAA6B,EAAE,OAAO,EAC3C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,oBAAoB,SAChC,mBACC,6BACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,MAAM;CACN,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,UAAU;KACT,MAAM;KACN,OAAO,EACN,MAAM,gCACN;KACD,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARoB,cAAc;EACrC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,OAAO,EACjB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,2CAClB;CAGF,MAAM,WACL,MAAM,IAAI,QAAQ,gBAAgB,aAAa,IAAI,KAAK,OAAO;AAChE,QAAO,IAAI,KAAK,EACf,UAAU,SAAS,KAAK,MACvB,mBAAmB,IAAI,QAAQ,SAAS,EAAE,CAC1C,EACD,CAAC;EAEH;AAEF,MAAM,sBAAsB,EAAE,OAAO,EACpC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,YAAY;EACZ,WAAW;EACX,2BAAW,IAAI,MAAM;EACrB,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CAIF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CAIZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,+CACb,CAAC,CACD,UAAU;CACZ,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;AAOF,KAAI,CAJc,MAAM,IAAI,QAAQ,gBAAgB,aACnD,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,wBAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,WACC,IAAI,KAAK,aAAa,MAAM,oBAAoB;EACjD,YAAY,IAAI,KAAK,eAClB,QAAQ,IAAI,KAAK,cAAc,MAAM,GACrC,MAAM,sBACL,QAAQ,KAAK,qBAAqB,MAAM,GACxC;EACJ,2BAAW,IAAI,MAAM;EACrB,CACD;AAED,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO,EAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,mBAAmB,SAC/B,mBACC,2BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,SAAS,EACR,MAAM,gCACN;KACD,MAAM,EACL,MAAM,6BACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,cAAc,EACrB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAGF,MAAM,aAAc,MAAM,IAAI,QAAQ,gBAAgB,aACrD,IAAI,KAAK,OACT;AAED,KAAI,CAAC,WACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;CAGlE,MAAM,cACL,MAAM,QAAQ,KAAK,WAAW,GAC3B,KAAK,aACL,KAAK,YAAY,MAAM,IAAI,IAAI,EAAE,EACnC,KAAK,SAAS,KAAK,MAAM,CAAC;AAS5B,MAPC,WAAW,QACX,KAAK,eACL,QACC,MAAM,IAAI,CAEI,MAAM,SAAS,WAAW,SAAS,KAAK,CAAC,IACxD,CAAC,CAAC,KAAK,cAAc,SAAS,WAAW,GAAG,EAY5C;MAAI,EATH,KAAK,6BAA6B,QAClC,cAAc;GACb,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,qBAAqB,EAC5B;GACD,CAAC,EAEF,OAAM,SAAS,KACd,aACA,kBAAkB,8BAClB;;CAIH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,WAAW,IACX,MACA;EACC,gBAAgB,IAAI,QAAQ,QAAQ,KAAK;EACzC,WAAW,MAAM,+BACd,QAAQ,KAAK,8BAA8B,MAAM,GACjD,QAAQ,MAAS,MAAM;EAC1B,EACD,KACA;AACD,KAAI,CAAC,QACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;CAEF,MAAM,cAAc,IAAI,QAAQ;AAChC,qBAAoB,IAAI;CACxB,MAAM,uBAAuB,MAAM,IAAI,gBACtC,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,IAAI,QAAQ,OACZ;CACD,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,gBAAgB;AACrE,OAAM,IAAI,gBACT,gBAAgB,MAChB,GAAG,IAAI,QAAQ,QAAQ,QAAQ,MAAM,GAAG,wBAAwB,MAChE,IAAI,QAAQ,QACZ,YAAY,aAAa,WACzB;AACD,OAAM,iBACL,KACA;EACU;EACT,MAAM;EACN,EACD,KACA;AACD,QAAO,IAAI,KAAK;EACN;EACT,MAAM,gBAAgB,IAAI,QAAQ,SAAS,WAAW;EACtD,CAAC;EAEH;;;;;;;;;;;;;;;;AAiBF,MAAa,0BACZ,mBACC,6BACA;CACC,QAAQ;CACR,gBAAgB;CAChB,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAKpB,IAAI;AACN,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,KAAI,CAAC,QAAQ,QAAQ,eACpB,OAAM,SAAS,WAAW,eAAe,EACxC,SAAS,oCACT,CAAC;CAEH,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,QAAQ,QAAQ,eAChB;AACD,KAAI,CAAC,KACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,uBACT,CAAC;CAEH,MAAM,qBAAqB,IAAI,QAAQ,iBAAiB,gBAAgB;CAExE,MAAM,cAAc,MAAM,IAAI,gBAC7B,mBAAmB,MACnB,IAAI,QAAQ,OACZ;AAED,KAAI,CAAC,YACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;CAEH,MAAM,CAAC,mBAAmB,wBAAwB,aAAa,MAAM,IAAI;CACzE,MAAM,eAAe,MAAM,IAAI,QAAQ,gBAAgB,YACtD,kBACA;AACD,KAAI,CAAC,gBAAgB,aAAa,QAAQ,WAAW,KAAK,GACzD,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;AAEH,OAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,QAAQ,MAAM;AACtE,OAAM,iBAAiB,KAAK,cAAc,CAAC,CAAC,qBAAqB;AACjE,cAAa,KAAK,mBAAmB;AACrC,QAAO,IAAI,KAAK;EACf,SAAS,mBAAmB,IAAI,QAAQ,SAAS,aAAa,QAAQ;EACtE,MAAM,gBAAgB,IAAI,QAAQ,SAAS,aAAa,KAAK;EAC7D,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAAE,OAAO,EAC5C,cAAc,EAAE,QAAQ,CAAC,KAAK,EAC7B,aAAa,qBACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,qBAAqB,SACjC,mBACC,8BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,cAAc,IAAI,KAAK,aAAa;AACtE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,+BAA+B,EAAE,OAAO,EAC7C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,sBAAsB,SAClC,mBACC,+BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,uBAAuB,EAAE,OAAO,EACrC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAc,SAC1B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aACC;EACD,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,2BAClB;AAOF,KAAI,CAJS,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,OAAM,IAAI,QAAQ,gBAAgB,WAAW,IAAI,KAAK,OAAO;AAC7D,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,aAAa,EAAE,QAAQ,CAAC,SAAS,8BAA8B,CAAC,KAAK,EACpE,aAAa,oBACb,CAAC;CACF,QAAQ,EAAE,OAAO,QAAQ,CAAC,SAAS,yBAAyB,CAAC,KAAK,EACjE,aAAa,eACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,4BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,eAAe,EACtB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,0CAClB;CAGF,MAAM,EAAE,aAAa,WAAW,IAAI;CACpC,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,wBAAwB;AACjD,QAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;;CAExE,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,QAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;;CAEvE,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KAAK,YAAY;AACnE,OAAM,IAAI,QAAQ,gBAAgB,eAAe,QAAQ,eAAe;AACxE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAClC,OAAO;CACP,QAAQ,EAAE,OAAO,QAAQ,CAAC,UAAU,CAAC,KAAK,EACzC,aAAa,8BACb,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAChC,aAAa,iDACb,CAAC;CACF,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;;;;;;;;;;;;;;;;AAiBF,MAAa,qBAA6C,SAAY;AAgBrE,QAAO,mBACN,yBACA;EACC,QAAQ;EACR,MAAM;EACN,UAAU;GACT,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,aAAa;MACZ,MAAM;MACN,aAAa;MACb,EACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD,QAAQ,EACP,MAAM,EAAE,EAIR;GACD;EACD,EACD,OAAO,QAAQ;AACd,MAAI,CAAC,IAAI,MAAM,YACd,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,2DACT,CAAC;EAEH,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAE5C,MAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,SAAS,eAAe;AAEnC,MAAI,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,KAAK,KAC7C,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,+BACT,CAAC;EAEH,MAAM,OACL,SAAS,SACR,IAAI,KAAK,OACP;GAAE,IAAI,IAAI,KAAK,UAAU;GAAI,MAAM,IAAI,KAAK;GAAM,GAClD,UACF,IAAI,KAAK,SACL,MAAM,IAAI,QAAQ,gBAAgB,aACpC,IAAI,KAAK,OACT,GACA;AACJ,MAAI,CAAC,KACJ,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;EAEH,MAAM,SAAS,cAAc;GAC5B,QAAQ,KAAK;GACb,MAAM,KAAK;GACX,SAAS;GACT,aAAa,IAAI,KAAK;GACtB,CAAC;AACF,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH"}
1	+ {"version":3,"file":"routes.mjs","names":[],"sources":["../../../src/plugins/admin/routes.ts"],"sourcesContent":["import {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport type { Session } from \"@better-auth/core/db\";\nimport type { Where } from \"@better-auth/core/db/adapter\";\nimport { whereOperators } from \"@better-auth/core/db/adapter\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport {\n\tdeleteSessionCookie,\n\texpireCookie,\n\tsetSessionCookie,\n} from \"../../cookies\";\nimport { parseSessionOutput, parseUserOutput } from \"../../db/schema\";\nimport { getDate } from \"../../utils/date\";\nimport type { AccessControl, ArrayElement } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport type {\n\tAdminOptions,\n\tInferAdminRolesFromOption,\n\tSessionWithImpersonatedBy,\n\tUserWithRole,\n} from \"./types\";\n\n/*\n Ensures a valid session, if not will throw.\n * Will also provide additional types on the user to include role types.\n /\nconst adminMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session) {\n\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t}\n\treturn {\n\t\tsession,\n\t} as {\n\t\tsession: {\n\t\t\tuser: UserWithRole;\n\t\t\tsession: Session;\n\t\t};\n\t};\n});\n\nfunction parseRoles(roles: string \| string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nconst setRoleBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role to set. `admin` or `user` by default\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles to set. `admin` or `user` by default\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"The role to set, this can be a string or an array of strings. Eg: `admin` or `[admin, user]`\",\n\t\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/set-role`\n \n ### API Methods\n \n server:\n * `auth.api.setRole`\n \n client:\n * `authClient.admin.setRole`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-role)\n /\nexport const setRole = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setRoleBodySchema,\n\t\t\trequireHeaders: true,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserRole\",\n\t\t\t\t\tsummary: \"Set the role of a user\",\n\t\t\t\t\tdescription: \"Set the role of a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User role updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\tuserId: string;\n\t\t\t\t\t\trole: InferAdminRolesFromOption<O> \| InferAdminRolesFromOption<O>[];\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetRole = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetRole) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst roles = opts.roles;\n\t\t\tif (roles) {\n\t\t\t\tconst inputRoles = Array.isArray(ctx.body.role)\n\t\t\t\t\t? ctx.body.role\n\t\t\t\t\t: [ctx.body.role];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (!roles[role as keyof typeof roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\trole: parseRoles(ctx.body.role),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst getUserQuerySchema = z.object({\n\tid: z.string().meta({\n\t\tdescription: \"The id of the User\",\n\t}),\n});\n\nexport const getUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/get-user\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tquery: getUserQuerySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"getUser\",\n\t\t\t\t\tsummary: \"Get an existing user\",\n\t\t\t\t\tdescription: \"Get an existing user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { id } = ctx.query;\n\n\t\t\tconst canGetUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"get\"],\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (!canGetUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_USER,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(id);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\treturn parseUserOutput(ctx.context.options, user) as UserWithRole;\n\t\t},\n\t);\n\nconst createUserBodySchema = z.object({\n\temail: z.string().meta({\n\t\tdescription: \"The email of the user\",\n\t}),\n\tpassword: z.string().optional().meta({\n\t\tdescription:\n\t\t\t\"The password of the user. If not provided, the user will be created without a credential account (useful for magic link or social login only users).\",\n\t}),\n\tname: z.string().meta({\n\t\tdescription: \"The name of the user\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role of the user\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles of user\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.optional()\n\t\t.meta({\n\t\t\tdescription: `A string or array of strings representing the roles to apply to the new user. Eg: \\\"user\\\"`,\n\t\t}),\n\t/\n\t extra fields for user\n\t /\n\tdata: z.record(z.string(), z.any()).optional().meta({\n\t\tdescription:\n\t\t\t\"Extra fields for the user. Including custom additional fields.\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/create-user`\n \n ### API Methods\n \n server:\n * `auth.api.createUser`\n \n client:\n * `authClient.admin.createUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-create-user)\n /\nexport const createUser = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/create-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: createUserBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"createUser\",\n\t\t\t\t\tsummary: \"Create a new user\",\n\t\t\t\t\tdescription: \"Create a new user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword?: string \| undefined;\n\t\t\t\t\t\tname: string;\n\t\t\t\t\t\trole?:\n\t\t\t\t\t\t\t\| (InferAdminRolesFromOption<O> \| InferAdminRolesFromOption<O>[])\n\t\t\t\t\t\t\t\| undefined;\n\t\t\t\t\t\tdata?: Record<string, any> \| undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<{ role: string }>(ctx);\n\t\t\tif (!session && (ctx.request \|\| ctx.headers)) {\n\t\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (session) {\n\t\t\t\tconst canCreateUser = hasPermission({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\trole: session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"create\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canCreateUser) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst email = ctx.body.email.toLowerCase();\n\t\t\tconst isValidEmail = z.email().safeParse(email);\n\t\t\tif (!isValidEmail.success) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t}\n\n\t\t\tconst existUser =\n\t\t\t\tawait ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (existUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.createUser<UserWithRole>({\n\t\t\t\temail: email,\n\t\t\t\tname: ctx.body.name,\n\t\t\t\trole:\n\t\t\t\t\t(ctx.body.role && parseRoles(ctx.body.role)) ??\n\t\t\t\t\topts?.defaultRole ??\n\t\t\t\t\t\"user\",\n\t\t\t\t...ctx.body.data,\n\t\t\t});\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\t// Only create credential account if password is provided\n\t\t\tif (ctx.body.password) {\n\t\t\t\tconst hashedPassword = await ctx.context.password.hash(\n\t\t\t\t\tctx.body.password,\n\t\t\t\t);\n\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tproviderId: \"credential\",\n\t\t\t\t\tpassword: hashedPassword,\n\t\t\t\t\tuserId: user.id,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst adminUpdateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\tdata: z.record(z.any(), z.any()).meta({\n\t\tdescription: \"The user data to update\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/update-user`\n \n ### API Methods\n \n server:\n * `auth.api.adminUpdateUser`\n \n client:\n * `authClient.admin.updateUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-update-user)\n /\nexport const adminUpdateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/update-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: adminUpdateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"updateUser\",\n\t\t\t\t\tsummary: \"Update a user\",\n\t\t\t\t\tdescription: \"Update a user's details\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canUpdateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"update\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canUpdateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (Object.keys(ctx.body.data).length === 0) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ADMIN_ERROR_CODES.NO_DATA_TO_UPDATE);\n\t\t\t}\n\n\t\t\t// Role changes must be guarded by `user:set-role` and validated against the role allow-list.\n\t\t\tif (Object.prototype.hasOwnProperty.call(ctx.body.data, \"role\")) {\n\t\t\t\tconst canSetRole = hasPermission({\n\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canSetRole) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst roleValue = (ctx.body.data as Record<string, any>).role;\n\t\t\t\tconst inputRoles = Array.isArray(roleValue) ? roleValue : [roleValue];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (typeof role !== \"string\") {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.INVALID_ROLE_TYPE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tif (opts.roles && !opts.roles[role as keyof typeof opts.roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t(ctx.body.data as Record<string, any>).role = parseRoles(\n\t\t\t\t\tinputRoles as string[],\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\tctx.body.data,\n\t\t\t);\n\n\t\t\treturn ctx.json(\n\t\t\t\tparseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t);\n\t\t},\n\t);\n\nconst listUsersQuerySchema = z.object({\n\tsearchValue: z.string().optional().meta({\n\t\tdescription: 'The value to search for. Eg: \"some name\"',\n\t}),\n\tsearchField: z\n\t\t.enum([\"email\", \"name\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The field to search in, defaults to email. Can be `email` or `name`. Eg: \"name\"',\n\t\t})\n\t\t.optional(),\n\tsearchOperator: z\n\t\t.enum([\"contains\", \"starts_with\", \"ends_with\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The operator to use for the search. Can be `contains`, `starts_with` or `ends_with`. Eg: \"contains\"',\n\t\t})\n\t\t.optional(),\n\tlimit: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The number of users to return\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\toffset: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The offset to start from\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\tsortBy: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to sort by\",\n\t\t})\n\t\t.optional(),\n\tsortDirection: z\n\t\t.enum([\"asc\", \"desc\"])\n\t\t.meta({\n\t\t\tdescription: \"The direction to sort by\",\n\t\t})\n\t\t.optional(),\n\tfilterField: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to filter by\",\n\t\t})\n\t\t.optional(),\n\tfilterValue: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The value to filter by\",\n\t\t})\n\t\t.or(z.number())\n\t\t.or(z.boolean())\n\t\t.or(z.array(z.string()))\n\t\t.or(z.array(z.number()))\n\t\t.optional(),\n\tfilterOperator: z\n\t\t.enum(whereOperators)\n\t\t.meta({\n\t\t\tdescription: \"The operator to use for the filter\",\n\t\t})\n\t\t.optional(),\n});\n\nexport const listUsers = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-users\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tquery: listUsersQuerySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUsers\",\n\t\t\t\t\tsummary: \"List users\",\n\t\t\t\t\tdescription: \"List users\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of users\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tusers: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\ttotal: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tlimit: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\toffset: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"users\", \"total\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListUsers = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListUsers) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst where: Where[] = [];\n\n\t\t\tif (ctx.query?.searchValue) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.searchField \|\| \"email\",\n\t\t\t\t\toperator: ctx.query.searchOperator \|\| \"contains\",\n\t\t\t\t\tvalue: ctx.query.searchValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (ctx.query?.filterValue !== undefined) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.filterField \|\| \"email\",\n\t\t\t\t\toperator: ctx.query.filterOperator \|\| \"eq\",\n\t\t\t\t\tvalue: ctx.query.filterValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst users = await ctx.context.internalAdapter.listUsers(\n\t\t\t\t\tNumber(ctx.query?.limit) \|\| undefined,\n\t\t\t\t\tNumber(ctx.query?.offset) \|\| undefined,\n\t\t\t\t\tctx.query?.sortBy\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tfield: ctx.query.sortBy,\n\t\t\t\t\t\t\t\tdirection: ctx.query.sortDirection \|\| \"asc\",\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: undefined,\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\tconst total = await ctx.context.internalAdapter.countTotalUsers(\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: users.map((user) =>\n\t\t\t\t\t\tparseUserOutput(ctx.context.options, user),\n\t\t\t\t\t) as UserWithRole[],\n\t\t\t\t\ttotal: total,\n\t\t\t\t\tlimit: Number(ctx.query?.limit) \|\| undefined,\n\t\t\t\t\toffset: Number(ctx.query?.offset) \|\| undefined,\n\t\t\t\t});\n\t\t\t} catch {\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: [] as UserWithRole[],\n\t\t\t\t\ttotal: 0,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t);\n\nconst listUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/list-user-sessions`\n \n ### API Methods\n \n server:\n * `auth.api.listUserSessions`\n \n client:\n * `authClient.admin.listUserSessions`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-list-user-sessions)\n /\nexport const listUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tbody: listUserSessionsBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUserSessions\",\n\t\t\t\t\tsummary: \"List user sessions\",\n\t\t\t\t\tdescription: \"List user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of user sessions\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsessions: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListSessions = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListSessions) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst sessions: SessionWithImpersonatedBy[] =\n\t\t\t\tawait ctx.context.internalAdapter.listSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsessions: sessions.map((s) =>\n\t\t\t\t\tparseSessionOutput(ctx.context.options, s),\n\t\t\t\t),\n\t\t\t});\n\t\t},\n\t);\n\nconst unbanUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/unban-user`\n \n ### API Methods\n \n server:\n * `auth.api.unbanUser`\n \n client:\n * `authClient.admin.unbanUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-unban-user)\n /\nexport const unbanUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/unban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: unbanUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"unbanUser\",\n\t\t\t\t\tsummary: \"Unban a user\",\n\t\t\t\t\tdescription: \"Unban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User unbanned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: false,\n\t\t\t\t\tbanExpires: null,\n\t\t\t\t\tbanReason: null,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst banUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\t/\n\t Reason for the ban\n\t /\n\tbanReason: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The reason for the ban\",\n\t\t})\n\t\t.optional(),\n\t/\n\t Number of seconds until the ban expires\n\t /\n\tbanExpiresIn: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The number of seconds until the ban expires\",\n\t\t})\n\t\t.optional(),\n});\n\n/\n ### Endpoint\n \n POST `/admin/ban-user`\n \n ### API Methods\n \n server:\n * `auth.api.banUser`\n \n client:\n * `authClient.admin.banUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-ban-user)\n /\nexport const banUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/ban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: banUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"banUser\",\n\t\t\t\t\tsummary: \"Ban a user\",\n\t\t\t\t\tdescription: \"Ban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User banned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst foundUser = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!foundUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_BAN_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: true,\n\t\t\t\t\tbanReason:\n\t\t\t\t\t\tctx.body.banReason \|\| opts?.defaultBanReason \|\| \"No reason\",\n\t\t\t\t\tbanExpires: ctx.body.banExpiresIn\n\t\t\t\t\t\t? getDate(ctx.body.banExpiresIn, \"sec\")\n\t\t\t\t\t\t: opts?.defaultBanExpiresIn\n\t\t\t\t\t\t\t? getDate(opts.defaultBanExpiresIn, \"sec\")\n\t\t\t\t\t\t\t: undefined,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\t//revoke all sessions\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst impersonateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/\n ### Endpoint\n \n POST `/admin/impersonate-user`\n \n ### API Methods\n \n server:\n * `auth.api.impersonateUser`\n \n client:\n * `authClient.admin.impersonateUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-impersonate-user)\n /\nexport const impersonateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/impersonate-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: impersonateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"impersonateUser\",\n\t\t\t\t\tsummary: \"Impersonate a user\",\n\t\t\t\t\tdescription: \"Impersonate a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Impersonation session created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canImpersonateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"impersonate\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canImpersonateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst targetUser = (await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t)) as UserWithRole \| null;\n\n\t\t\tif (!targetUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tconst adminRoles = (\n\t\t\t\tArray.isArray(opts.adminRoles)\n\t\t\t\t\t? opts.adminRoles\n\t\t\t\t\t: opts.adminRoles?.split(\",\") \|\| []\n\t\t\t).map((role) => role.trim());\n\t\t\tconst targetUserRole = (\n\t\t\t\ttargetUser.role \|\|\n\t\t\t\topts.defaultRole \|\|\n\t\t\t\t\"user\"\n\t\t\t).split(\",\");\n\t\t\tconst isTargetAdmin =\n\t\t\t\ttargetUserRole.some((role) => adminRoles.includes(role)) \|\|\n\t\t\t\t!!opts.adminUserIds?.includes(targetUser.id);\n\t\t\tif (isTargetAdmin) {\n\t\t\t\tconst canImpersonateAdmins =\n\t\t\t\t\topts.allowImpersonatingAdmins === true \|\|\n\t\t\t\t\thasPermission({\n\t\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\t\toptions: opts,\n\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\tuser: [\"impersonate-admins\"],\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\tif (!canImpersonateAdmins) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_IMPERSONATE_ADMINS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\ttargetUser.id,\n\t\t\t\ttrue,\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: ctx.context.session.user.id,\n\t\t\t\t\texpiresAt: opts?.impersonationSessionDuration\n\t\t\t\t\t\t? getDate(opts.impersonationSessionDuration, \"sec\")\n\t\t\t\t\t\t: getDate(60 60, \"sec\"), // 1 hour\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authCookies = ctx.context.authCookies;\n\t\t\tdeleteSessionCookie(ctx);\n\t\t\tconst dontRememberMeCookie = await ctx.getSignedCookie(\n\t\t\t\tctx.context.authCookies.dontRememberToken.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\t\t\tconst adminCookieProp = ctx.context.createAuthCookie(\"admin_session\");\n\t\t\tawait ctx.setSignedCookie(\n\t\t\t\tadminCookieProp.name,\n\t\t\t\t`${ctx.context.session.session.token}:${dontRememberMeCookie \|\| \"\"}`,\n\t\t\t\tctx.context.secret,\n\t\t\t\tauthCookies.sessionToken.attributes,\n\t\t\t);\n\t\t\tawait setSessionCookie(\n\t\t\t\tctx,\n\t\t\t\t{\n\t\t\t\t\tsession: session,\n\t\t\t\t\tuser: targetUser,\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: session,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, targetUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\n/*\n ### Endpoint\n \n POST `/admin/stop-impersonating`\n \n ### API Methods\n \n server:\n * `auth.api.stopImpersonating`\n \n client:\n * `authClient.admin.stopImpersonating`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-stop-impersonating)\n /\nexport const stopImpersonating = () =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/stop-impersonating\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<\n\t\t\t\t{},\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: string;\n\t\t\t\t}\n\t\t\t>(ctx);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session.session.impersonatedBy) {\n\t\t\t\tthrow APIError.fromStatus(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"You are not impersonating anyone\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tsession.session.impersonatedBy,\n\t\t\t);\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find user\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst adminSessionCookie = ctx.context.createAuthCookie(\"admin_session\");\n\n\t\t\tconst adminCookie = await ctx.getSignedCookie(\n\t\t\t\tadminSessionCookie.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\n\t\t\tif (!adminCookie) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst [adminSessionToken, dontRememberMeCookie] = adminCookie?.split(\":\");\n\t\t\tconst adminSession = await ctx.context.internalAdapter.findSession(\n\t\t\t\tadminSessionToken!,\n\t\t\t);\n\t\t\tif (!adminSession \|\| adminSession.session.userId !== user.id) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait ctx.context.internalAdapter.deleteSession(session.session.token);\n\t\t\tawait setSessionCookie(ctx, adminSession, !!dontRememberMeCookie);\n\t\t\texpireCookie(ctx, adminSessionCookie);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: parseSessionOutput(ctx.context.options, adminSession.session),\n\t\t\t\tuser: parseUserOutput(ctx.context.options, adminSession.user),\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionBodySchema = z.object({\n\tsessionToken: z.string().meta({\n\t\tdescription: \"The session token\",\n\t}),\n});\n/\n ### Endpoint\n \n POST `/admin/revoke-user-session`\n \n ### API Methods\n \n server:\n * `auth.api.revokeUserSession`\n \n client:\n * `authClient.admin.revokeUserSession`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-session)\n /\nexport const revokeUserSession = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-session\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSession\",\n\t\t\t\t\tsummary: \"Revoke a user session\",\n\t\t\t\t\tdescription: \"Revoke a user session\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Session revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSession(ctx.body.sessionToken);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/\n ### Endpoint\n \n POST `/admin/revoke-user-sessions`\n \n ### API Methods\n \n server:\n * `auth.api.revokeUserSessions`\n \n client:\n * `authClient.admin.revokeUserSessions`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-sessions)\n /\nexport const revokeUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionsBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSessions\",\n\t\t\t\t\tsummary: \"Revoke all user sessions\",\n\t\t\t\t\tdescription: \"Revoke all user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Sessions revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst removeUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/remove-user`\n \n ### API Methods\n \n server:\n * `auth.api.removeUser`\n \n client:\n * `authClient.admin.removeUser`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-remove-user)\n /\nexport const removeUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/remove-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: removeUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"removeUser\",\n\t\t\t\t\tsummary: \"Remove a user\",\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Delete a user and all their sessions and accounts. Cannot be undone.\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User removed\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canDeleteUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"delete\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canDeleteUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_REMOVE_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteUser(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst setUserPasswordBodySchema = z.object({\n\tnewPassword: z.string().nonempty(\"newPassword cannot be empty\").meta({\n\t\tdescription: \"The new password\",\n\t}),\n\tuserId: z.coerce.string().nonempty(\"userId cannot be empty\").meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/\n ### Endpoint\n \n POST `/admin/set-user-password`\n \n ### API Methods\n \n server:\n * `auth.api.setUserPassword`\n \n client:\n * `authClient.admin.setUserPassword`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-user-password)\n /\nexport const setUserPassword = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-user-password\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setUserPasswordBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserPassword\",\n\t\t\t\t\tsummary: \"Set a user's password\",\n\t\t\t\t\tdescription: \"Set a user's password\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Password set\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetUserPassword = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-password\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetUserPassword) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { newPassword, userId } = ctx.body;\n\t\t\tconst minPasswordLength = ctx.context.password.config.minPasswordLength;\n\t\t\tif (newPassword.length < minPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);\n\t\t\t}\n\t\t\tconst maxPasswordLength = ctx.context.password.config.maxPasswordLength;\n\t\t\tif (newPassword.length > maxPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too long\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_LONG);\n\t\t\t}\n\t\t\tconst hashedPassword = await ctx.context.password.hash(newPassword);\n\t\t\tawait ctx.context.internalAdapter.updatePassword(userId, hashedPassword);\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst userHasPermissionBodySchema = z\n\t.object({\n\t\tuserId: z.coerce.string().optional().meta({\n\t\t\tdescription: `The user id. Eg: \"user-id\"`,\n\t\t}),\n\t\trole: z.string().optional().meta({\n\t\t\tdescription: `The role to check permission for. Eg: \"admin\"`,\n\t\t}),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\n/\n ### Endpoint\n \n POST `/admin/has-permission`\n \n ### API Methods\n \n server:\n * `auth.api.userHasPermission`\n \n client:\n * `authClient.admin.hasPermission`\n \n @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-has-permission)\n */\nexport const userHasPermission = <O extends AdminOptions>(opts: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? ArrayElement<Statements[key]>\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\treturn createAuthEndpoint(\n\t\t\"/admin/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: userHasPermissionBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\tuserId?: string \| undefined;\n\t\t\t\t\t\trole?: InferAdminRolesFromOption<O> \| undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!ctx.body?.permissions) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"invalid permission check. no permission(s) were passed.\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst session = await getSessionFromCtx(ctx);\n\n\t\t\tif (!session && (ctx.request \|\| ctx.headers)) {\n\t\t\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session && !ctx.body.userId && !ctx.body.role) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user id or role is required\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user =\n\t\t\t\tsession?.user \|\|\n\t\t\t\t(ctx.body.role\n\t\t\t\t\t? { id: ctx.body.userId \|\| \"\", role: ctx.body.role }\n\t\t\t\t\t: null) \|\|\n\t\t\t\t(ctx.body.userId\n\t\t\t\t\t? ((await ctx.context.internalAdapter.findUserById(\n\t\t\t\t\t\t\tctx.body.userId as string,\n\t\t\t\t\t\t)) as { role?: string \| undefined; id: string })\n\t\t\t\t\t: null);\n\t\t\tif (!user) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user not found\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst result = hasPermission({\n\t\t\t\tuserId: user.id,\n\t\t\t\trole: user.role,\n\t\t\t\toptions: opts as AdminOptions,\n\t\t\t\tpermissions: ctx.body.permissions as any,\n\t\t\t});\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAgCA,MAAM,kBAAkB,qBAAqB,OAAO,QAAQ;CAC3D,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,QAAO,EACN,SACA;EAMA;AAEF,SAAS,WAAW,OAAkC;AACrD,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAGjD,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,iDACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,kDACb,CAAC,CACF,CACD,CAAC,CACD,KAAK,EACL,aACC,gGACD,CAAC;CACH,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAmC,SAC/C,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,gBAAgB;CAChB,KAAK,CAAC,gBAAgB;CACtB,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EAIR;EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAEF,MAAM,QAAQ,KAAK;AACnB,KAAI,OAAO;EACV,MAAM,aAAa,MAAM,QAAQ,IAAI,KAAK,KAAK,GAC5C,IAAI,KAAK,OACT,CAAC,IAAI,KAAK,KAAK;AAClB,OAAK,MAAM,QAAQ,WAClB,KAAI,CAAC,MAAM,MACV,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;CAIJ,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,EACC,MAAM,WAAW,IAAI,KAAK,KAAK,EAC/B,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY,EACvD,CAAC;EAEH;AAEF,MAAM,qBAAqB,EAAE,OAAO,EACnC,IAAI,EAAE,QAAQ,CAAC,KAAK,EACnB,aAAa,sBACb,CAAC,EACF,CAAC;AAEF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,OAAO;CACP,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,OAAO,IAAI;AAWnB,KAAI,CATe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAGD,OAAM,SAAS,KACd,aACA,kBAAkB,gCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAAa,GAAG;AAE/D,KAAI,CAAC,KACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,QAAO,gBAAgB,IAAI,QAAQ,SAAS,KAAK;EAElD;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,yBACb,CAAC;CACF,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aACC,wJACD,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,wBACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,wBACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,qBACb,CAAC,CACF,CACD,CAAC,CACD,UAAU,CACV,KAAK,EACL,aAAa,8FACb,CAAC;CAIH,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU,CAAC,KAAK,EACnD,aACC,kEACD,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAsC,SAClD,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EASR;EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAAoC,IAAI;AAC9D,KAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,MAAM,eAAe;AAEhC,KAAI,SASH;MAAI,CARkB,cAAc;GACnC,QAAQ,QAAQ,KAAK;GACrB,MAAM,QAAQ,KAAK;GACnB,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;;CAIH,MAAM,QAAQ,IAAI,KAAK,MAAM,aAAa;AAE1C,KAAI,CADiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAC7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;AAKnE,KADC,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,MAAM,CAExD,OAAM,SAAS,KACd,eACA,kBAAkB,sCAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAAyB;EAChE;EACP,MAAM,IAAI,KAAK;EACf,OACE,IAAI,KAAK,QAAQ,WAAW,IAAI,KAAK,KAAK,KAC3C,MAAM,eACN;EACD,GAAG,IAAI,KAAK;EACZ,CAAC;AAEF,KAAI,CAAC,KACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;AAGF,KAAI,IAAI,KAAK,UAAU;EACtB,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KACjD,IAAI,KAAK,SACT;AACD,QAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,WAAW,KAAK;GAChB,YAAY;GACZ,UAAU;GACV,QAAQ,KAAK;GACb,CAAC;;AAEH,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC,KAAK,EACrC,aAAa,2BACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,OAAO,KAAK,IAAI,KAAK,KAAK,CAAC,WAAW,EACzC,OAAM,SAAS,KAAK,eAAe,kBAAkB,kBAAkB;AAIxE,KAAI,OAAO,UAAU,eAAe,KAAK,IAAI,KAAK,MAAM,OAAO,EAAE;AAShE,MAAI,CARe,cAAc;GAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;EAGF,MAAM,YAAa,IAAI,KAAK,KAA6B;EACzD,MAAM,aAAa,MAAM,QAAQ,UAAU,GAAG,YAAY,CAAC,UAAU;AACrE,OAAK,MAAM,QAAQ,YAAY;AAC9B,OAAI,OAAO,SAAS,SACnB,OAAM,SAAS,KACd,eACA,kBAAkB,kBAClB;AAEF,OAAI,KAAK,SAAS,CAAC,KAAK,MAAM,MAC7B,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;AAGH,EAAC,IAAI,KAAK,KAA6B,OAAO,WAC7C,WACA;;CAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,IAAI,KAAK,KACT;AAED,QAAO,IAAI,KACV,gBAAgB,IAAI,QAAQ,SAAS,YAAY,CACjD;EAEF;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,aAAa,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACvC,aAAa,8CACb,CAAC;CACF,aAAa,EACX,KAAK,CAAC,SAAS,OAAO,CAAC,CACvB,KAAK,EACL,aACC,qFACD,CAAC,CACD,UAAU;CACZ,gBAAgB,EACd,KAAK;EAAC;EAAY;EAAe;EAAY,CAAC,CAC9C,KAAK,EACL,aACC,yGACD,CAAC,CACD,UAAU;CACZ,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,iCACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,4BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,wBACb,CAAC,CACD,UAAU;CACZ,eAAe,EACb,KAAK,CAAC,OAAO,OAAO,CAAC,CACrB,KAAK,EACL,aAAa,4BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,GAAG,EAAE,SAAS,CAAC,CACf,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,UAAU;CACZ,gBAAgB,EACd,KAAK,eAAe,CACpB,KAAK,EACL,aAAa,sCACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,OAAO;CACP,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,OAAO;MACN,MAAM;MACN,OAAO,EACN,MAAM,6BACN;MACD;KACD,OAAO,EACN,MAAM,UACN;KACD,OAAO,EACN,MAAM,UACN;KACD,QAAQ,EACP,MAAM,UACN;KACD;IACD,UAAU,CAAC,SAAS,QAAQ;IAC5B,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARiB,cAAc;EAClC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,OAAO,EACd;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,kCAClB;CAGF,MAAM,QAAiB,EAAE;AAEzB,KAAI,IAAI,OAAO,YACd,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI,IAAI,OAAO,gBAAgB,OAC9B,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI;EACH,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,UAC/C,OAAO,IAAI,OAAO,MAAM,IAAI,QAC5B,OAAO,IAAI,OAAO,OAAO,IAAI,QAC7B,IAAI,OAAO,SACR;GACA,OAAO,IAAI,MAAM;GACjB,WAAW,IAAI,MAAM,iBAAiB;GACtC,GACA,QACH,MAAM,SAAS,QAAQ,OACvB;EACD,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,gBAC/C,MAAM,SAAS,QAAQ,OACvB;AACD,SAAO,IAAI,KAAK;GACf,OAAO,MAAM,KAAK,SACjB,gBAAgB,IAAI,QAAQ,SAAS,KAAK,CAC1C;GACM;GACP,OAAO,OAAO,IAAI,OAAO,MAAM,IAAI;GACnC,QAAQ,OAAO,IAAI,OAAO,OAAO,IAAI;GACrC,CAAC;SACK;AACP,SAAO,IAAI,KAAK;GACf,OAAO,EAAE;GACT,OAAO;GACP,CAAC;;EAGJ;AAEF,MAAM,6BAA6B,EAAE,OAAO,EAC3C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,oBAAoB,SAChC,mBACC,6BACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,MAAM;CACN,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,UAAU;KACT,MAAM;KACN,OAAO,EACN,MAAM,gCACN;KACD,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARoB,cAAc;EACrC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,OAAO,EACjB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,2CAClB;CAGF,MAAM,WACL,MAAM,IAAI,QAAQ,gBAAgB,aAAa,IAAI,KAAK,OAAO;AAChE,QAAO,IAAI,KAAK,EACf,UAAU,SAAS,KAAK,MACvB,mBAAmB,IAAI,QAAQ,SAAS,EAAE,CAC1C,EACD,CAAC;EAEH;AAEF,MAAM,sBAAsB,EAAE,OAAO,EACpC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,YAAY;EACZ,WAAW;EACX,2BAAW,IAAI,MAAM;EACrB,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CAIF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CAIZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,+CACb,CAAC,CACD,UAAU;CACZ,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;AAOF,KAAI,CAJc,MAAM,IAAI,QAAQ,gBAAgB,aACnD,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,wBAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,WACC,IAAI,KAAK,aAAa,MAAM,oBAAoB;EACjD,YAAY,IAAI,KAAK,eAClB,QAAQ,IAAI,KAAK,cAAc,MAAM,GACrC,MAAM,sBACL,QAAQ,KAAK,qBAAqB,MAAM,GACxC;EACJ,2BAAW,IAAI,MAAM;EACrB,CACD;AAED,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO,EAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,mBAAmB,SAC/B,mBACC,2BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,SAAS,EACR,MAAM,gCACN;KACD,MAAM,EACL,MAAM,6BACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,cAAc,EACrB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAGF,MAAM,aAAc,MAAM,IAAI,QAAQ,gBAAgB,aACrD,IAAI,KAAK,OACT;AAED,KAAI,CAAC,WACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;CAGlE,MAAM,cACL,MAAM,QAAQ,KAAK,WAAW,GAC3B,KAAK,aACL,KAAK,YAAY,MAAM,IAAI,IAAI,EAAE,EACnC,KAAK,SAAS,KAAK,MAAM,CAAC;AAS5B,MAPC,WAAW,QACX,KAAK,eACL,QACC,MAAM,IAAI,CAEI,MAAM,SAAS,WAAW,SAAS,KAAK,CAAC,IACxD,CAAC,CAAC,KAAK,cAAc,SAAS,WAAW,GAAG,EAY5C;MAAI,EATH,KAAK,6BAA6B,QAClC,cAAc;GACb,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,qBAAqB,EAC5B;GACD,CAAC,EAEF,OAAM,SAAS,KACd,aACA,kBAAkB,8BAClB;;CAIH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,WAAW,IACX,MACA;EACC,gBAAgB,IAAI,QAAQ,QAAQ,KAAK;EACzC,WAAW,MAAM,+BACd,QAAQ,KAAK,8BAA8B,MAAM,GACjD,QAAQ,MAAS,MAAM;EAC1B,EACD,KACA;AACD,KAAI,CAAC,QACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;CAEF,MAAM,cAAc,IAAI,QAAQ;AAChC,qBAAoB,IAAI;CACxB,MAAM,uBAAuB,MAAM,IAAI,gBACtC,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,IAAI,QAAQ,OACZ;CACD,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,gBAAgB;AACrE,OAAM,IAAI,gBACT,gBAAgB,MAChB,GAAG,IAAI,QAAQ,QAAQ,QAAQ,MAAM,GAAG,wBAAwB,MAChE,IAAI,QAAQ,QACZ,YAAY,aAAa,WACzB;AACD,OAAM,iBACL,KACA;EACU;EACT,MAAM;EACN,EACD,KACA;AACD,QAAO,IAAI,KAAK;EACN;EACT,MAAM,gBAAgB,IAAI,QAAQ,SAAS,WAAW;EACtD,CAAC;EAEH;;;;;;;;;;;;;;;;AAiBF,MAAa,0BACZ,mBACC,6BACA;CACC,QAAQ;CACR,gBAAgB;CAChB,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAKpB,IAAI;AACN,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,KAAI,CAAC,QAAQ,QAAQ,eACpB,OAAM,SAAS,WAAW,eAAe,EACxC,SAAS,oCACT,CAAC;CAEH,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,QAAQ,QAAQ,eAChB;AACD,KAAI,CAAC,KACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,uBACT,CAAC;CAEH,MAAM,qBAAqB,IAAI,QAAQ,iBAAiB,gBAAgB;CAExE,MAAM,cAAc,MAAM,IAAI,gBAC7B,mBAAmB,MACnB,IAAI,QAAQ,OACZ;AAED,KAAI,CAAC,YACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;CAEH,MAAM,CAAC,mBAAmB,wBAAwB,aAAa,MAAM,IAAI;CACzE,MAAM,eAAe,MAAM,IAAI,QAAQ,gBAAgB,YACtD,kBACA;AACD,KAAI,CAAC,gBAAgB,aAAa,QAAQ,WAAW,KAAK,GACzD,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;AAEH,OAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,QAAQ,MAAM;AACtE,OAAM,iBAAiB,KAAK,cAAc,CAAC,CAAC,qBAAqB;AACjE,cAAa,KAAK,mBAAmB;AACrC,QAAO,IAAI,KAAK;EACf,SAAS,mBAAmB,IAAI,QAAQ,SAAS,aAAa,QAAQ;EACtE,MAAM,gBAAgB,IAAI,QAAQ,SAAS,aAAa,KAAK;EAC7D,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAAE,OAAO,EAC5C,cAAc,EAAE,QAAQ,CAAC,KAAK,EAC7B,aAAa,qBACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,qBAAqB,SACjC,mBACC,8BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,cAAc,IAAI,KAAK,aAAa;AACtE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,+BAA+B,EAAE,OAAO,EAC7C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,sBAAsB,SAClC,mBACC,+BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,uBAAuB,EAAE,OAAO,EACrC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAc,SAC1B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aACC;EACD,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,2BAClB;AAOF,KAAI,CAJS,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,OAAM,IAAI,QAAQ,gBAAgB,WAAW,IAAI,KAAK,OAAO;AAC7D,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,aAAa,EAAE,QAAQ,CAAC,SAAS,8BAA8B,CAAC,KAAK,EACpE,aAAa,oBACb,CAAC;CACF,QAAQ,EAAE,OAAO,QAAQ,CAAC,SAAS,yBAAyB,CAAC,KAAK,EACjE,aAAa,eACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,4BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,eAAe,EACtB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,0CAClB;CAGF,MAAM,EAAE,aAAa,WAAW,IAAI;CACpC,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,wBAAwB;AACjD,QAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;;CAExE,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,QAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;;CAEvE,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KAAK,YAAY;AACnE,OAAM,IAAI,QAAQ,gBAAgB,eAAe,QAAQ,eAAe;AACxE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAClC,OAAO;CACP,QAAQ,EAAE,OAAO,QAAQ,CAAC,UAAU,CAAC,KAAK,EACzC,aAAa,8BACb,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAChC,aAAa,iDACb,CAAC;CACF,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;;;;;;;;;;;;;;;;AAiBF,MAAa,qBAA6C,SAAY;AAgBrE,QAAO,mBACN,yBACA;EACC,QAAQ;EACR,MAAM;EACN,UAAU;GACT,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,aAAa;MACZ,MAAM;MACN,aAAa;MACb,EACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD,QAAQ,EACP,MAAM,EAAE,EAIR;GACD;EACD,EACD,OAAO,QAAQ;AACd,MAAI,CAAC,IAAI,MAAM,YACd,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,2DACT,CAAC;EAEH,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAE5C,MAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,SAAS,eAAe;AAEnC,MAAI,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,KAAK,KAC7C,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,+BACT,CAAC;EAEH,MAAM,OACL,SAAS,SACR,IAAI,KAAK,OACP;GAAE,IAAI,IAAI,KAAK,UAAU;GAAI,MAAM,IAAI,KAAK;GAAM,GAClD,UACF,IAAI,KAAK,SACL,MAAM,IAAI,QAAQ,gBAAgB,aACpC,IAAI,KAAK,OACT,GACA;AACJ,MAAI,CAAC,KACJ,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;EAEH,MAAM,SAAS,cAAc;GAC5B,QAAQ,KAAK;GACb,MAAM,KAAK;GACX,SAAS;GACT,aAAa,IAAI,KAAK;GACtB,CAAC;AACF,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH"}

package/dist/plugins/index.d.mts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { InferOptionSchema, InferPluginContext, InferPluginErrorCodes, InferPluginIDs } from "../types/plugins.mjs";
 import { HIDE_METADATA } from "../utils/hide-metadata.mjs";
-import { AccessControl, Role, Statements, SubArray, Subset } from "./access/types.mjs";
+import { AccessControl, ArrayElement, Role, Statements, SubArray, Subset } from "./access/types.mjs";
 import { AuthorizeResponse, createAccessControl, role } from "./access/access.mjs";
 import "./access/index.mjs";
 import { OrganizationOptions } from "./organization/types.mjs";
@@ -65,4 +65,4 @@ import { UsernameOptions, username } from "./username/index.mjs";
 import { hasPermission } from "./organization/has-permission.mjs";
 import { DefaultOrganizationPlugin, DynamicAccessControlEndpoints, OrganizationCreator, OrganizationEndpoints, OrganizationPlugin, TeamEndpoints, organization, parseRoles } from "./organization/organization.mjs";
 import "./organization/index.mjs";
-export { AccessControl, AdminOptions, AnonymousOptions, AnonymousSession, Auth0Options, AuthorizationQuery, AuthorizeResponse, BackupCodeOptions, BaseCaptchaOptions, BaseOAuthProviderOptions, BearerOptions, CaptchaFoxOptions, CaptchaOptions, Client, CloudflareTurnstileOptions, CodeVerificationValue, CustomSessionPluginOptions, DefaultOrganizationPlugin, DeviceAuthorizationOptions, DynamicAccessControlEndpoints, MULTI_SESSION_ERROR_CODES as ERROR_CODES, EmailOTPOptions, FieldSchema, GenericOAuthConfig, GenericOAuthOptions, GoogleRecaptchaOptions, GumroadOptions, HCaptchaOptions, HIDE_METADATA, HaveIBeenPwnedOptions, HubSpotOptions, InferAdminRolesFromOption, InferInvitation, InferMember, InferOptionSchema, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPluginContext, InferPluginErrorCodes, InferPluginIDs, InferTeam, Invitation, InvitationInput, InvitationStatus, JWKOptions, JWSAlgorithms, Jwk, JwtOptions, KeycloakOptions, LastLoginMethodOptions, LineOptions, LoginResult, MagicLinkOptions, Member, MemberInput, MicrosoftEntraIdOptions, MultiSessionConfig, OAuthAccessToken, OAuthProxyOptions, OIDCMetadata, OIDCOptions, OTPOptions, OktaOptions, OneTapOptions, OneTimeTokenOptions, OpenAPIModelSchema, OpenAPIOptions, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, Path, PatreonOptions, PhoneNumberOptions, Provider, Role, SIWEPluginOptions, SessionWithImpersonatedBy, SlackOptions, Statements, SubArray, Subset, TOTPOptions, TWO_FACTOR_ERROR_CODES, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, TestCookie, TestHelpers, TestUtilsOptions, TimeString, TokenBody, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, USERNAME_ERROR_CODES, UserWithAnonymous, UserWithPhoneNumber, UserWithRole, UserWithTwoFactor, UsernameOptions, admin, anonymous, auth0, backupCode2fa, bearer, captcha, createAccessControl, createJwk, customSession, defaultRolesSchema, deviceAuthorization, deviceAuthorizationOptionsSchema, emailOTP, generateBackupCodes, generateExportedKeyPair, generator, genericOAuth, getBackupCodes, getClient, getJwtToken, getMCPProtectedResourceMetadata, getMCPProviderMetadata, getMetadata, getOrgAdapter, gumroad, hasPermission, haveIBeenPwned, hubspot, invitationSchema, invitationStatus, jwt, keycloak, lastLoginMethod, line, magicLink, mcp, memberSchema, microsoftEntraId, ms, multiSession, oAuthDiscoveryMetadata, oAuthProtectedResourceMetadata, oAuthProxy, oidcProvider, okta, oneTap, oneTimeToken, openAPI, organization, organizationRoleSchema, organizationSchema, otp2fa, parseRoles, patreon, phoneNumber, role, roleSchema, sec, signJWT, siwe, slack, teamMemberSchema, teamSchema, testUtils, toExpJWT, totp2fa, twoFactor, twoFactorClient, username, verifyBackupCode, verifyJWT, withMcpAuth };
+export { AccessControl, AdminOptions, AnonymousOptions, AnonymousSession, ArrayElement, Auth0Options, AuthorizationQuery, AuthorizeResponse, BackupCodeOptions, BaseCaptchaOptions, BaseOAuthProviderOptions, BearerOptions, CaptchaFoxOptions, CaptchaOptions, Client, CloudflareTurnstileOptions, CodeVerificationValue, CustomSessionPluginOptions, DefaultOrganizationPlugin, DeviceAuthorizationOptions, DynamicAccessControlEndpoints, MULTI_SESSION_ERROR_CODES as ERROR_CODES, EmailOTPOptions, FieldSchema, GenericOAuthConfig, GenericOAuthOptions, GoogleRecaptchaOptions, GumroadOptions, HCaptchaOptions, HIDE_METADATA, HaveIBeenPwnedOptions, HubSpotOptions, InferAdminRolesFromOption, InferInvitation, InferMember, InferOptionSchema, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPluginContext, InferPluginErrorCodes, InferPluginIDs, InferTeam, Invitation, InvitationInput, InvitationStatus, JWKOptions, JWSAlgorithms, Jwk, JwtOptions, KeycloakOptions, LastLoginMethodOptions, LineOptions, LoginResult, MagicLinkOptions, Member, MemberInput, MicrosoftEntraIdOptions, MultiSessionConfig, OAuthAccessToken, OAuthProxyOptions, OIDCMetadata, OIDCOptions, OTPOptions, OktaOptions, OneTapOptions, OneTimeTokenOptions, OpenAPIModelSchema, OpenAPIOptions, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, Path, PatreonOptions, PhoneNumberOptions, Provider, Role, SIWEPluginOptions, SessionWithImpersonatedBy, SlackOptions, Statements, SubArray, Subset, TOTPOptions, TWO_FACTOR_ERROR_CODES, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, TestCookie, TestHelpers, TestUtilsOptions, TimeString, TokenBody, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, USERNAME_ERROR_CODES, UserWithAnonymous, UserWithPhoneNumber, UserWithRole, UserWithTwoFactor, UsernameOptions, admin, anonymous, auth0, backupCode2fa, bearer, captcha, createAccessControl, createJwk, customSession, defaultRolesSchema, deviceAuthorization, deviceAuthorizationOptionsSchema, emailOTP, generateBackupCodes, generateExportedKeyPair, generator, genericOAuth, getBackupCodes, getClient, getJwtToken, getMCPProtectedResourceMetadata, getMCPProviderMetadata, getMetadata, getOrgAdapter, gumroad, hasPermission, haveIBeenPwned, hubspot, invitationSchema, invitationStatus, jwt, keycloak, lastLoginMethod, line, magicLink, mcp, memberSchema, microsoftEntraId, ms, multiSession, oAuthDiscoveryMetadata, oAuthProtectedResourceMetadata, oAuthProxy, oidcProvider, okta, oneTap, oneTimeToken, openAPI, organization, organizationRoleSchema, organizationSchema, otp2fa, parseRoles, patreon, phoneNumber, role, roleSchema, sec, signJWT, siwe, slack, teamMemberSchema, teamSchema, testUtils, toExpJWT, totp2fa, twoFactor, twoFactorClient, username, verifyBackupCode, verifyJWT, withMcpAuth };

package/dist/plugins/organization/client.d.mts CHANGED Viewed

@@ -2,7 +2,7 @@ import { FieldAttributeToObject, RemoveFieldsWithReturnedFalse } from "../../db/
 import { Prettify } from "../../types/helper.mjs";
 import { BetterAuthOptions as BetterAuthOptions$1 } from "../../types/index.mjs";
 import { AuthQueryAtom } from "../../client/query.mjs";
-import { AccessControl, Role, Statements } from "../access/types.mjs";
+import { AccessControl, ArrayElement, Role, Statements } from "../access/types.mjs";
 import "../access/index.mjs";
 import "../../db/index.mjs";
 import { OrganizationOptions } from "./types.mjs";
@@ -143,13 +143,13 @@ declare const organizationClient: <CO extends OrganizationClientOptions>(options
           readonly invitation: readonly ["create", "cancel"];
           readonly team: readonly ["create", "update", "delete"];
           readonly ac: readonly ["create", "read", "update", "delete"];
-        })[key] extends readonly unknown[] ? (CO["ac"] extends AccessControl<infer S extends Statements> ? S : {
+        })[key] extends readonly unknown[] ? ArrayElement<(CO["ac"] extends AccessControl<infer S extends Statements> ? S : {
           readonly organization: readonly ["update", "delete"];
           readonly member: readonly ["create", "update", "delete"];
           readonly invitation: readonly ["create", "cancel"];
           readonly team: readonly ["create", "update", "delete"];
           readonly ac: readonly ["create", "read", "update", "delete"];
-        })[key][number] : never)[] | undefined };
+        })[key]> : never)[] | undefined };
       } & {
         role: R;
       }) => boolean;

package/dist/plugins/organization/client.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/organization/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { DBFieldAttribute } from \"@better-auth/core/db\";\nimport { atom } from \"nanostores\";\nimport { useAuthQuery } from \"../../client\";\nimport type {\n\tInferInvitation,\n\tInferMember,\n\tInferOrganization,\n\tInferTeam,\n\tMember,\n} from \"../../plugins/organization/schema\";\nimport type { BetterAuthOptions, BetterAuthPlugin } from \"../../types\";\nimport type { Prettify } from \"../../types/helper\";\nimport type { AccessControl, Role } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { adminAc, defaultRoles, memberAc, ownerAc } from \"./access\";\nimport { ORGANIZATION_ERROR_CODES } from \"./error-codes\";\nimport type { OrganizationPlugin } from \"./organization\";\nimport type { HasPermissionBaseInput } from \"./permission\";\nimport { hasPermissionFn } from \"./permission\";\nimport type { OrganizationOptions } from \"./types\";\n\nexport * from \"./error-codes\";\n\n/*\n Using the same `hasPermissionFn` function, but without the need for a `ctx` parameter or the `organizationId` parameter.\n /\nexport const clientSideHasPermission = (input: HasPermissionBaseInput) => {\n\tconst acRoles: {\n\t\t[x: string]: Role<any> \| undefined;\n\t} = input.options.roles \|\| defaultRoles;\n\n\treturn hasPermissionFn(input, acRoles);\n};\n\ninterface OrganizationClientOptions {\n\tac?: AccessControl \| undefined;\n\troles?:\n\t\t\| {\n\t\t\t\t[key in string]: Role;\n\t\t }\n\t\t\| undefined;\n\tteams?:\n\t\t\| {\n\t\t\t\tenabled: boolean;\n\t\t }\n\t\t\| undefined;\n\tschema?:\n\t\t\| {\n\t\t\t\torganization?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tmember?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tinvitation?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tteam?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\torganizationRole?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t }\n\t\t\| undefined;\n\tdynamicAccessControl?:\n\t\t\| {\n\t\t\t\tenabled: boolean;\n\t\t }\n\t\t\| undefined;\n}\n\nexport const organizationClient = <CO extends OrganizationClientOptions>(\n\toptions?: CO \| undefined,\n) => {\n\tconst $listOrg = atom<boolean>(false);\n\tconst $activeOrgSignal = atom<boolean>(false);\n\tconst $activeMemberSignal = atom<boolean>(false);\n\tconst $activeMemberRoleSignal = atom<boolean>(false);\n\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tCO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key][number]\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\tconst roles = {\n\t\tadmin: adminAc,\n\t\tmember: memberAc,\n\t\towner: ownerAc,\n\t\t...options?.roles,\n\t};\n\n\ttype OrganizationReturn = CO[\"teams\"] extends { enabled: true }\n\t\t? {\n\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t\tteams: InferTeam<CO>[];\n\t\t\t} & InferOrganization<CO>\n\t\t: {\n\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t} & InferOrganization<CO>;\n\n\ttype Schema = CO[\"schema\"];\n\treturn {\n\t\tid: \"organization\",\n\t\t$InferServerPlugin: {} as OrganizationPlugin<{\n\t\t\tac: CO[\"ac\"] extends AccessControl\n\t\t\t\t? CO[\"ac\"]\n\t\t\t\t: AccessControl<DefaultStatements>;\n\t\t\troles: CO[\"roles\"] extends Record<string, Role>\n\t\t\t\t? CO[\"roles\"]\n\t\t\t\t: {\n\t\t\t\t\t\tadmin: Role;\n\t\t\t\t\t\tmember: Role;\n\t\t\t\t\t\towner: Role;\n\t\t\t\t\t};\n\t\t\tteams: {\n\t\t\t\tenabled: CO[\"teams\"] extends { enabled: true } ? true : false;\n\t\t\t};\n\t\t\tschema: Schema;\n\t\t\tdynamicAccessControl: {\n\t\t\t\tenabled: CO[\"dynamicAccessControl\"] extends { enabled: true }\n\t\t\t\t\t? true\n\t\t\t\t\t: false;\n\t\t\t};\n\t\t}>,\n\t\tgetActions: ($fetch, _$store, co) => ({\n\t\t\t$Infer: {\n\t\t\t\tActiveOrganization: {} as OrganizationReturn,\n\t\t\t\tOrganization: {} as InferOrganization<CO>,\n\t\t\t\tInvitation: {} as InferInvitation<CO>,\n\t\t\t\tMember: {} as InferMember<CO>,\n\t\t\t\tTeam: {} as InferTeam<CO>,\n\t\t\t},\n\t\t\torganization: {\n\t\t\t\tcheckRolePermission: <\n\t\t\t\t\tR extends CO extends { roles: any }\n\t\t\t\t\t\t? keyof CO[\"roles\"]\n\t\t\t\t\t\t: \"admin\" \| \"member\" \| \"owner\",\n\t\t\t\t>(\n\t\t\t\t\tdata: PermissionExclusive & {\n\t\t\t\t\t\trole: R;\n\t\t\t\t\t},\n\t\t\t\t) => {\n\t\t\t\t\tconst isAuthorized = clientSideHasPermission({\n\t\t\t\t\t\trole: data.role as string,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tac: options?.ac,\n\t\t\t\t\t\t\troles: roles,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermissions: data.permissions as any,\n\t\t\t\t\t});\n\t\t\t\t\treturn isAuthorized;\n\t\t\t\t},\n\t\t\t},\n\t\t}),\n\t\tgetAtoms: ($fetch) => {\n\t\t\tconst listOrganizations = useAuthQuery<InferOrganization<CO>[]>(\n\t\t\t\t$listOrg,\n\t\t\t\t\"/organization/list\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\t\t\tconst activeOrganization = useAuthQuery<\n\t\t\t\tPrettify<\n\t\t\t\t\tInferOrganization<CO> & {\n\t\t\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t\t\t}\n\t\t\t\t>\n\t\t\t>(\n\t\t\t\t[$activeOrgSignal],\n\t\t\t\t\"/organization/get-full-organization\",\n\t\t\t\t$fetch,\n\t\t\t\t() => ({\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t}),\n\t\t\t);\n\n\t\t\tconst activeMember = useAuthQuery<Member>(\n\t\t\t\t[$activeOrgSignal, $activeMemberSignal],\n\t\t\t\t\"/organization/get-active-member\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tconst activeMemberRole = useAuthQuery<{ role: string }>(\n\t\t\t\t[$activeOrgSignal, $activeMemberRoleSignal],\n\t\t\t\t\"/organization/get-active-member-role\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\treturn {\n\t\t\t\t$listOrg,\n\t\t\t\t$activeOrgSignal,\n\t\t\t\t$activeMemberSignal,\n\t\t\t\t$activeMemberRoleSignal,\n\t\t\t\tactiveOrganization,\n\t\t\t\tlistOrganizations,\n\t\t\t\tactiveMember,\n\t\t\t\tactiveMemberRole,\n\t\t\t};\n\t\t},\n\t\tpathMethods: {\n\t\t\t\"/organization/get-full-organization\": \"GET\",\n\t\t\t\"/organization/list-user-teams\": \"GET\",\n\t\t},\n\t\tatomListeners: [\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath === \"/organization/create\" \|\|\n\t\t\t\t\t\tpath === \"/organization/delete\" \|\|\n\t\t\t\t\t\tpath === \"/organization/update\"\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$listOrg\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn path.startsWith(\"/organization\");\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeOrgSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\") \|\|\n\t\t\t\t\t\tpath === \"/organization/create\" \|\|\n\t\t\t\t\t\tpath === \"/organization/delete\" \|\|\n\t\t\t\t\t\tpath === \"/organization/remove-member\" \|\|\n\t\t\t\t\t\tpath === \"/organization/leave\" \|\|\n\t\t\t\t\t\tpath === \"/organization/accept-invitation\"\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$sessionSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.includes(\"/organization/update-member-role\") \|\|\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\")\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeMemberSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.includes(\"/organization/update-member-role\") \|\|\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\")\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeMemberRoleSignal\",\n\t\t\t},\n\t\t],\n\t\t$ERROR_CODES: ORGANIZATION_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport const inferOrgAdditionalFields = <\n\tO extends {\n\t\toptions: BetterAuthOptions;\n\t},\n\tS extends OrganizationOptions[\"schema\"] = undefined,\n>(\n\tschema?: S \| undefined,\n) => {\n\ttype FindById<\n\t\tT extends readonly BetterAuthPlugin[],\n\t\tTargetId extends string,\n\t> = Extract<T[number], { id: TargetId }>;\n\n\ttype Auth = O extends { options: any } ? O : { options: { plugins: [] } };\n\n\ttype OrganizationPlugin = FindById<\n\t\t// @ts-expect-error\n\t\tAuth[\"options\"][\"plugins\"],\n\t\t\"organization\"\n\t>;\n\n\t// The server schema can contain more properties other than additionalFields, but the client only supports additionalFields\n\t// if we don't remove all other properties we may see assignability issues\n\n\ttype ExtractClientOnlyFields<T> = {\n\t\t[K in keyof T]: T[K] extends { additionalFields: infer _AF }\n\t\t\t? T[K]\n\t\t\t: undefined;\n\t};\n\n\ttype Schema = O extends Object\n\t\t? O extends Exclude<OrganizationOptions[\"schema\"], undefined>\n\t\t\t? O\n\t\t\t: OrganizationPlugin extends { options: { schema: infer S } }\n\t\t\t\t? S extends OrganizationOptions[\"schema\"]\n\t\t\t\t\t? ExtractClientOnlyFields<S>\n\t\t\t\t\t: undefined\n\t\t\t\t: undefined\n\t\t: undefined;\n\treturn {} as undefined extends S ? Schema : S;\n};\n\nexport type from \"./schema\";\n"],"mappings":";;;;;;;;;;;;AA2BA,MAAa,2BAA2B,UAAkC;AAKzE,QAAO,gBAAgB,OAFnB,MAAM,QAAQ,SAAS,aAEW;;AAmDvC,MAAa,sBACZ,YACI;CACJ,MAAM,WAAW,KAAc,MAAM;CACrC,MAAM,mBAAmB,KAAc,MAAM;CAC7C,MAAM,sBAAsB,KAAc,MAAM;CAChD,MAAM,0BAA0B,KAAc,MAAM;CAgBpD,MAAM,QAAQ;EACb,OAAO;EACP,QAAQ;EACR,OAAO;EACP,GAAG,SAAS;EACZ;AAcD,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAqBtB,aAAa,QAAQ,SAAS,QAAQ;GACrC,QAAQ;IACP,oBAAoB,EAAE;IACtB,cAAc,EAAE;IAChB,YAAY,EAAE;IACd,QAAQ,EAAE;IACV,MAAM,EAAE;IACR;GACD,cAAc,EACb,sBAKC,SAGI;AASJ,WARqB,wBAAwB;KAC5C,MAAM,KAAK;KACX,SAAS;MACR,IAAI,SAAS;MACN;MACP;KACD,aAAa,KAAK;KAClB,CAAC;MAGH;GACD;EACD,WAAW,WAAW;GACrB,MAAM,oBAAoB,aACzB,UACA,sBACA,QACA,EACC,QAAQ,OACR,CACD;AAmCD,UAAO;IACN;IACA;IACA;IACA;IACA,oBAvC0B,aAQ1B,CAAC,iBAAiB,EAClB,uCACA,eACO,EACN,QAAQ,OACR,EACD;IA0BA;IACA,cAzBoB,aACpB,CAAC,kBAAkB,oBAAoB,EACvC,mCACA,QACA,EACC,QAAQ,OACR,CACD;IAmBA,kBAjBwB,aACxB,CAAC,kBAAkB,wBAAwB,EAC3C,wCACA,QACA,EACC,QAAQ,OACR,CACD;IAWA;;EAEF,aAAa;GACZ,uCAAuC;GACvC,iCAAiC;GACjC;EACD,eAAe;GACd;IACC,QAAQ,MAAM;AACb,YACC,SAAS,0BACT,SAAS,0BACT,SAAS;;IAGX,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YAAO,KAAK,WAAW,gBAAgB;;IAExC,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,WAAW,2BAA2B,IAC3C,SAAS,0BACT,SAAS,0BACT,SAAS,iCACT,SAAS,yBACT,SAAS;;IAGX,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,SAAS,mCAAmC,IACjD,KAAK,WAAW,2BAA2B;;IAG7C,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,SAAS,mCAAmC,IACjD,KAAK,WAAW,2BAA2B;;IAG7C,QAAQ;IACR;GACD;EACD,cAAc;EACd;;AAGF,MAAa,4BAMZ,WACI;AAgCJ,QAAO,EAAE"}
1	+ {"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/organization/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { DBFieldAttribute } from \"@better-auth/core/db\";\nimport { atom } from \"nanostores\";\nimport { useAuthQuery } from \"../../client\";\nimport type {\n\tInferInvitation,\n\tInferMember,\n\tInferOrganization,\n\tInferTeam,\n\tMember,\n} from \"../../plugins/organization/schema\";\nimport type { BetterAuthOptions, BetterAuthPlugin } from \"../../types\";\nimport type { Prettify } from \"../../types/helper\";\nimport type { AccessControl, ArrayElement, Role } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { adminAc, defaultRoles, memberAc, ownerAc } from \"./access\";\nimport { ORGANIZATION_ERROR_CODES } from \"./error-codes\";\nimport type { OrganizationPlugin } from \"./organization\";\nimport type { HasPermissionBaseInput } from \"./permission\";\nimport { hasPermissionFn } from \"./permission\";\nimport type { OrganizationOptions } from \"./types\";\n\nexport * from \"./error-codes\";\n\n/*\n Using the same `hasPermissionFn` function, but without the need for a `ctx` parameter or the `organizationId` parameter.\n /\nexport const clientSideHasPermission = (input: HasPermissionBaseInput) => {\n\tconst acRoles: {\n\t\t[x: string]: Role<any> \| undefined;\n\t} = input.options.roles \|\| defaultRoles;\n\n\treturn hasPermissionFn(input, acRoles);\n};\n\ninterface OrganizationClientOptions {\n\tac?: AccessControl \| undefined;\n\troles?:\n\t\t\| {\n\t\t\t\t[key in string]: Role;\n\t\t }\n\t\t\| undefined;\n\tteams?:\n\t\t\| {\n\t\t\t\tenabled: boolean;\n\t\t }\n\t\t\| undefined;\n\tschema?:\n\t\t\| {\n\t\t\t\torganization?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tmember?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tinvitation?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tteam?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\torganizationRole?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t }\n\t\t\| undefined;\n\tdynamicAccessControl?:\n\t\t\| {\n\t\t\t\tenabled: boolean;\n\t\t }\n\t\t\| undefined;\n}\n\nexport const organizationClient = <CO extends OrganizationClientOptions>(\n\toptions?: CO \| undefined,\n) => {\n\tconst $listOrg = atom<boolean>(false);\n\tconst $activeOrgSignal = atom<boolean>(false);\n\tconst $activeMemberSignal = atom<boolean>(false);\n\tconst $activeMemberRoleSignal = atom<boolean>(false);\n\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tCO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? ArrayElement<Statements[key]>\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\tconst roles = {\n\t\tadmin: adminAc,\n\t\tmember: memberAc,\n\t\towner: ownerAc,\n\t\t...options?.roles,\n\t};\n\n\ttype OrganizationReturn = CO[\"teams\"] extends { enabled: true }\n\t\t? {\n\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t\tteams: InferTeam<CO>[];\n\t\t\t} & InferOrganization<CO>\n\t\t: {\n\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t} & InferOrganization<CO>;\n\n\ttype Schema = CO[\"schema\"];\n\treturn {\n\t\tid: \"organization\",\n\t\t$InferServerPlugin: {} as OrganizationPlugin<{\n\t\t\tac: CO[\"ac\"] extends AccessControl\n\t\t\t\t? CO[\"ac\"]\n\t\t\t\t: AccessControl<DefaultStatements>;\n\t\t\troles: CO[\"roles\"] extends Record<string, Role>\n\t\t\t\t? CO[\"roles\"]\n\t\t\t\t: {\n\t\t\t\t\t\tadmin: Role;\n\t\t\t\t\t\tmember: Role;\n\t\t\t\t\t\towner: Role;\n\t\t\t\t\t};\n\t\t\tteams: {\n\t\t\t\tenabled: CO[\"teams\"] extends { enabled: true } ? true : false;\n\t\t\t};\n\t\t\tschema: Schema;\n\t\t\tdynamicAccessControl: {\n\t\t\t\tenabled: CO[\"dynamicAccessControl\"] extends { enabled: true }\n\t\t\t\t\t? true\n\t\t\t\t\t: false;\n\t\t\t};\n\t\t}>,\n\t\tgetActions: ($fetch, _$store, co) => ({\n\t\t\t$Infer: {\n\t\t\t\tActiveOrganization: {} as OrganizationReturn,\n\t\t\t\tOrganization: {} as InferOrganization<CO>,\n\t\t\t\tInvitation: {} as InferInvitation<CO>,\n\t\t\t\tMember: {} as InferMember<CO>,\n\t\t\t\tTeam: {} as InferTeam<CO>,\n\t\t\t},\n\t\t\torganization: {\n\t\t\t\tcheckRolePermission: <\n\t\t\t\t\tR extends CO extends { roles: any }\n\t\t\t\t\t\t? keyof CO[\"roles\"]\n\t\t\t\t\t\t: \"admin\" \| \"member\" \| \"owner\",\n\t\t\t\t>(\n\t\t\t\t\tdata: PermissionExclusive & {\n\t\t\t\t\t\trole: R;\n\t\t\t\t\t},\n\t\t\t\t) => {\n\t\t\t\t\tconst isAuthorized = clientSideHasPermission({\n\t\t\t\t\t\trole: data.role as string,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tac: options?.ac,\n\t\t\t\t\t\t\troles: roles,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermissions: data.permissions as any,\n\t\t\t\t\t});\n\t\t\t\t\treturn isAuthorized;\n\t\t\t\t},\n\t\t\t},\n\t\t}),\n\t\tgetAtoms: ($fetch) => {\n\t\t\tconst listOrganizations = useAuthQuery<InferOrganization<CO>[]>(\n\t\t\t\t$listOrg,\n\t\t\t\t\"/organization/list\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\t\t\tconst activeOrganization = useAuthQuery<\n\t\t\t\tPrettify<\n\t\t\t\t\tInferOrganization<CO> & {\n\t\t\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t\t\t}\n\t\t\t\t>\n\t\t\t>(\n\t\t\t\t[$activeOrgSignal],\n\t\t\t\t\"/organization/get-full-organization\",\n\t\t\t\t$fetch,\n\t\t\t\t() => ({\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t}),\n\t\t\t);\n\n\t\t\tconst activeMember = useAuthQuery<Member>(\n\t\t\t\t[$activeOrgSignal, $activeMemberSignal],\n\t\t\t\t\"/organization/get-active-member\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tconst activeMemberRole = useAuthQuery<{ role: string }>(\n\t\t\t\t[$activeOrgSignal, $activeMemberRoleSignal],\n\t\t\t\t\"/organization/get-active-member-role\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\treturn {\n\t\t\t\t$listOrg,\n\t\t\t\t$activeOrgSignal,\n\t\t\t\t$activeMemberSignal,\n\t\t\t\t$activeMemberRoleSignal,\n\t\t\t\tactiveOrganization,\n\t\t\t\tlistOrganizations,\n\t\t\t\tactiveMember,\n\t\t\t\tactiveMemberRole,\n\t\t\t};\n\t\t},\n\t\tpathMethods: {\n\t\t\t\"/organization/get-full-organization\": \"GET\",\n\t\t\t\"/organization/list-user-teams\": \"GET\",\n\t\t},\n\t\tatomListeners: [\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath === \"/organization/create\" \|\|\n\t\t\t\t\t\tpath === \"/organization/delete\" \|\|\n\t\t\t\t\t\tpath === \"/organization/update\"\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$listOrg\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn path.startsWith(\"/organization\");\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeOrgSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\") \|\|\n\t\t\t\t\t\tpath === \"/organization/create\" \|\|\n\t\t\t\t\t\tpath === \"/organization/delete\" \|\|\n\t\t\t\t\t\tpath === \"/organization/remove-member\" \|\|\n\t\t\t\t\t\tpath === \"/organization/leave\" \|\|\n\t\t\t\t\t\tpath === \"/organization/accept-invitation\"\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$sessionSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.includes(\"/organization/update-member-role\") \|\|\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\")\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeMemberSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.includes(\"/organization/update-member-role\") \|\|\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\")\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeMemberRoleSignal\",\n\t\t\t},\n\t\t],\n\t\t$ERROR_CODES: ORGANIZATION_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport const inferOrgAdditionalFields = <\n\tO extends {\n\t\toptions: BetterAuthOptions;\n\t},\n\tS extends OrganizationOptions[\"schema\"] = undefined,\n>(\n\tschema?: S \| undefined,\n) => {\n\ttype FindById<\n\t\tT extends readonly BetterAuthPlugin[],\n\t\tTargetId extends string,\n\t> = Extract<T[number], { id: TargetId }>;\n\n\ttype Auth = O extends { options: any } ? O : { options: { plugins: [] } };\n\n\ttype OrganizationPlugin = FindById<\n\t\t// @ts-expect-error\n\t\tAuth[\"options\"][\"plugins\"],\n\t\t\"organization\"\n\t>;\n\n\t// The server schema can contain more properties other than additionalFields, but the client only supports additionalFields\n\t// if we don't remove all other properties we may see assignability issues\n\n\ttype ExtractClientOnlyFields<T> = {\n\t\t[K in keyof T]: T[K] extends { additionalFields: infer _AF }\n\t\t\t? T[K]\n\t\t\t: undefined;\n\t};\n\n\ttype Schema = O extends Object\n\t\t? O extends Exclude<OrganizationOptions[\"schema\"], undefined>\n\t\t\t? O\n\t\t\t: OrganizationPlugin extends { options: { schema: infer S } }\n\t\t\t\t? S extends OrganizationOptions[\"schema\"]\n\t\t\t\t\t? ExtractClientOnlyFields<S>\n\t\t\t\t\t: undefined\n\t\t\t\t: undefined\n\t\t: undefined;\n\treturn {} as undefined extends S ? Schema : S;\n};\n\nexport type from \"./schema\";\n"],"mappings":";;;;;;;;;;;;AA2BA,MAAa,2BAA2B,UAAkC;AAKzE,QAAO,gBAAgB,OAFnB,MAAM,QAAQ,SAAS,aAEW;;AAmDvC,MAAa,sBACZ,YACI;CACJ,MAAM,WAAW,KAAc,MAAM;CACrC,MAAM,mBAAmB,KAAc,MAAM;CAC7C,MAAM,sBAAsB,KAAc,MAAM;CAChD,MAAM,0BAA0B,KAAc,MAAM;CAgBpD,MAAM,QAAQ;EACb,OAAO;EACP,QAAQ;EACR,OAAO;EACP,GAAG,SAAS;EACZ;AAcD,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAqBtB,aAAa,QAAQ,SAAS,QAAQ;GACrC,QAAQ;IACP,oBAAoB,EAAE;IACtB,cAAc,EAAE;IAChB,YAAY,EAAE;IACd,QAAQ,EAAE;IACV,MAAM,EAAE;IACR;GACD,cAAc,EACb,sBAKC,SAGI;AASJ,WARqB,wBAAwB;KAC5C,MAAM,KAAK;KACX,SAAS;MACR,IAAI,SAAS;MACN;MACP;KACD,aAAa,KAAK;KAClB,CAAC;MAGH;GACD;EACD,WAAW,WAAW;GACrB,MAAM,oBAAoB,aACzB,UACA,sBACA,QACA,EACC,QAAQ,OACR,CACD;AAmCD,UAAO;IACN;IACA;IACA;IACA;IACA,oBAvC0B,aAQ1B,CAAC,iBAAiB,EAClB,uCACA,eACO,EACN,QAAQ,OACR,EACD;IA0BA;IACA,cAzBoB,aACpB,CAAC,kBAAkB,oBAAoB,EACvC,mCACA,QACA,EACC,QAAQ,OACR,CACD;IAmBA,kBAjBwB,aACxB,CAAC,kBAAkB,wBAAwB,EAC3C,wCACA,QACA,EACC,QAAQ,OACR,CACD;IAWA;;EAEF,aAAa;GACZ,uCAAuC;GACvC,iCAAiC;GACjC;EACD,eAAe;GACd;IACC,QAAQ,MAAM;AACb,YACC,SAAS,0BACT,SAAS,0BACT,SAAS;;IAGX,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YAAO,KAAK,WAAW,gBAAgB;;IAExC,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,WAAW,2BAA2B,IAC3C,SAAS,0BACT,SAAS,0BACT,SAAS,iCACT,SAAS,yBACT,SAAS;;IAGX,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,SAAS,mCAAmC,IACjD,KAAK,WAAW,2BAA2B;;IAG7C,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,SAAS,mCAAmC,IACjD,KAAK,WAAW,2BAA2B;;IAG7C,QAAQ;IACR;GACD;EACD,cAAc;EACd;;AAGF,MAAa,4BAMZ,WACI;AAgCJ,QAAO,EAAE"}

package/dist/plugins/organization/organization.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AccessControl, Statements } from "../access/types.mjs";
+import { AccessControl, ArrayElement, Statements } from "../access/types.mjs";
 import "../access/index.mjs";
 import { OrganizationOptions } from "./types.mjs";
 import { InferInvitation, InferMember, InferOrganization, InferTeam, OrganizationSchema, Team, TeamMember } from "./schema.mjs";
@@ -172,13 +172,13 @@ declare const createHasPermission: <O extends OrganizationOptions>(options: O) =
           readonly invitation: readonly ["create", "cancel"];
           readonly team: readonly ["create", "update", "delete"];
           readonly ac: readonly ["create", "read", "update", "delete"];
-        })[key] extends readonly unknown[] ? (O["ac"] extends AccessControl<infer S extends Statements> ? S : {
+        })[key] extends readonly unknown[] ? ArrayElement<(O["ac"] extends AccessControl<infer S extends Statements> ? S : {
           readonly organization: readonly ["update", "delete"];
           readonly member: readonly ["create", "update", "delete"];
           readonly invitation: readonly ["create", "cancel"];
           readonly team: readonly ["create", "update", "delete"];
           readonly ac: readonly ["create", "read", "update", "delete"];
-        })[key][number] : never)[] | undefined };
+        })[key]> : never)[] | undefined };
       } & {
         organizationId?: string | undefined;
       };

package/dist/plugins/organization/organization.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"organization.mjs","names":[],"sources":["../../../src/plugins/organization/organization.ts"],"sourcesContent":["import type { AuthContext, BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { BetterAuthPluginDBSchema } from \"@better-auth/core/db\";\nimport { APIError } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport { shimContext } from \"../../utils/shim\";\nimport type { AccessControl } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { defaultRoles } from \"./access\";\nimport { getOrgAdapter } from \"./adapter\";\nimport { orgSessionMiddleware } from \"./call\";\nimport { ORGANIZATION_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport {\n\tcreateOrgRole,\n\tdeleteOrgRole,\n\tgetOrgRole,\n\tlistOrgRoles,\n\tupdateOrgRole,\n} from \"./routes/crud-access-control\";\nimport {\n\tacceptInvitation,\n\tcancelInvitation,\n\tcreateInvitation,\n\tgetInvitation,\n\tlistInvitations,\n\tlistUserInvitations,\n\trejectInvitation,\n} from \"./routes/crud-invites\";\nimport {\n\taddMember,\n\tgetActiveMember,\n\tgetActiveMemberRole,\n\tleaveOrganization,\n\tlistMembers,\n\tremoveMember,\n\tupdateMemberRole,\n} from \"./routes/crud-members\";\nimport {\n\tcheckOrganizationSlug,\n\tcreateOrganization,\n\tdeleteOrganization,\n\tgetFullOrganization,\n\tlistOrganizations,\n\tsetActiveOrganization,\n\tupdateOrganization,\n} from \"./routes/crud-org\";\nimport {\n\taddTeamMember,\n\tcreateTeam,\n\tlistOrganizationTeams,\n\tlistTeamMembers,\n\tlistUserTeams,\n\tremoveTeam,\n\tremoveTeamMember,\n\tsetActiveTeam,\n\tupdateTeam,\n} from \"./routes/crud-team\";\nimport type {\n\tInferInvitation,\n\tInferMember,\n\tInferOrganization,\n\tInferTeam,\n\tOrganizationSchema,\n\tTeam,\n\tTeamMember,\n} from \"./schema\";\nimport type { OrganizationOptions } from \"./types\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\torganization: {\n\t\t\tcreator: OrganizationCreator;\n\t\t};\n\t}\n}\n\nexport { hasPermission } from \"./has-permission\";\nexport type { OrganizationOptions } from \"./types\";\n\nexport type DefaultOrganizationPlugin<Options extends OrganizationOptions> = {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<Options>;\n\tschema: OrganizationSchema<Options>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<Options>;\n\t\tInvitation: InferInvitation<Options>;\n\t\tMember: InferMember<Options>;\n\t\tTeam: Options[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: Options[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: Options[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<Options, false>[];\n\t\t\t\t\tinvitations: InferInvitation<Options, false>[];\n\t\t\t\t\tteams: InferTeam<Options, false>[];\n\t\t\t\t} & InferOrganization<Options, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<Options, false>[];\n\t\t\t\t\tinvitations: InferInvitation<Options, false>[];\n\t\t\t\t} & InferOrganization<Options, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<Options>;\n};\n\nexport interface OrganizationCreator {\n\t<Options extends OrganizationOptions>(\n\t\toptions?: Options \| undefined,\n\t): DefaultOrganizationPlugin<Options>;\n}\n\nexport function parseRoles(roles: string \| string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nexport type DynamicAccessControlEndpoints<O extends OrganizationOptions> = {\n\tcreateOrgRole: ReturnType<typeof createOrgRole<O>>;\n\tdeleteOrgRole: ReturnType<typeof deleteOrgRole<O>>;\n\tlistOrgRoles: ReturnType<typeof listOrgRoles<O>>;\n\tgetOrgRole: ReturnType<typeof getOrgRole<O>>;\n\tupdateOrgRole: ReturnType<typeof updateOrgRole<O>>;\n};\n\nexport type TeamEndpoints<O extends OrganizationOptions> = {\n\tcreateTeam: ReturnType<typeof createTeam<O>>;\n\tlistOrganizationTeams: ReturnType<typeof listOrganizationTeams<O>>;\n\tremoveTeam: ReturnType<typeof removeTeam<O>>;\n\tupdateTeam: ReturnType<typeof updateTeam<O>>;\n\tsetActiveTeam: ReturnType<typeof setActiveTeam<O>>;\n\tlistUserTeams: ReturnType<typeof listUserTeams<O>>;\n\tlistTeamMembers: ReturnType<typeof listTeamMembers<O>>;\n\taddTeamMember: ReturnType<typeof addTeamMember<O>>;\n\tremoveTeamMember: ReturnType<typeof removeTeamMember<O>>;\n};\n\nexport type OrganizationEndpoints<O extends OrganizationOptions> = {\n\tcreateOrganization: ReturnType<typeof createOrganization<O>>;\n\tupdateOrganization: ReturnType<typeof updateOrganization<O>>;\n\tdeleteOrganization: ReturnType<typeof deleteOrganization<O>>;\n\tsetActiveOrganization: ReturnType<typeof setActiveOrganization<O>>;\n\tgetFullOrganization: ReturnType<typeof getFullOrganization<O>>;\n\tlistOrganizations: ReturnType<typeof listOrganizations<O>>;\n\tcreateInvitation: ReturnType<typeof createInvitation<O>>;\n\tcancelInvitation: ReturnType<typeof cancelInvitation<O>>;\n\tacceptInvitation: ReturnType<typeof acceptInvitation<O>>;\n\tgetInvitation: ReturnType<typeof getInvitation<O>>;\n\trejectInvitation: ReturnType<typeof rejectInvitation<O>>;\n\tlistInvitations: ReturnType<typeof listInvitations<O>>;\n\tgetActiveMember: ReturnType<typeof getActiveMember<O>>;\n\tcheckOrganizationSlug: ReturnType<typeof checkOrganizationSlug<O>>;\n\taddMember: ReturnType<typeof addMember<O>>;\n\tremoveMember: ReturnType<typeof removeMember<O>>;\n\tupdateMemberRole: ReturnType<typeof updateMemberRole<O>>;\n\tleaveOrganization: ReturnType<typeof leaveOrganization<O>>;\n\tlistUserInvitations: ReturnType<typeof listUserInvitations<O>>;\n\tlistMembers: ReturnType<typeof listMembers<O>>;\n\tgetActiveMemberRole: ReturnType<typeof getActiveMemberRole<O>>;\n\thasPermission: ReturnType<typeof createHasPermission<O>>;\n};\n\nconst createHasPermissionBodySchema = z\n\t.object({\n\t\torganizationId: z.string().optional(),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\nconst createHasPermission = <O extends OrganizationOptions>(options: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key][number]\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\treturn createAuthEndpoint(\n\t\t\"/organization/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t\tbody: createHasPermissionBodySchema,\n\t\t\tuse: [orgSessionMiddleware],\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\torganizationId?: string \| undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermission: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t\tdeprecated: true,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst activeOrganizationId =\n\t\t\t\tctx.body.organizationId \|\|\n\t\t\t\tctx.context.session.session.activeOrganizationId;\n\t\t\tif (!activeOrganizationId) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst adapter = getOrgAdapter<O>(ctx.context, options);\n\t\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\torganizationId: activeOrganizationId,\n\t\t\t});\n\t\t\tif (!member) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst result = await hasPermission(\n\t\t\t\t{\n\t\t\t\t\trole: member.role,\n\t\t\t\t\toptions: options,\n\t\t\t\t\tpermissions: ctx.body.permissions as any,\n\t\t\t\t\torganizationId: activeOrganizationId,\n\t\t\t\t},\n\t\t\t\tctx,\n\t\t\t);\n\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n\nexport type OrganizationPlugin<O extends OrganizationOptions> = {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> &\n\t\t(O extends { teams: { enabled: true } } ? TeamEndpoints<O> : {}) &\n\t\t(O extends { dynamicAccessControl: { enabled: true } }\n\t\t\t? DynamicAccessControlEndpoints<O>\n\t\t\t: {});\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\n\n/*\n Organization plugin for Better Auth. Organization allows you to create teams, members,\n * and manage access control for your users.\n \n @example\n * ```ts\n * const auth = betterAuth({\n * plugins: [\n * organization({\n * allowUserToCreateOrganization: true,\n * }),\n * ],\n * });\n * ```\n /\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tteams: { enabled: true };\n\t\tdynamicAccessControl?:\n\t\t\t\| {\n\t\t\t\t\tenabled?: false \| undefined;\n\t\t\t }\n\t\t\t\| undefined;\n\t},\n>(\n\toptions?: O \| undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> & TeamEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tteams: { enabled: true };\n\t\tdynamicAccessControl: { enabled: true };\n\t},\n>(\n\toptions?: O \| undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> &\n\t\tTeamEndpoints<O> &\n\t\tDynamicAccessControlEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tdynamicAccessControl: { enabled: true };\n\t\tteams?: { enabled?: false \| undefined } \| undefined;\n\t},\n>(\n\toptions?: O \| undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> & DynamicAccessControlEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<O extends OrganizationOptions>(\n\toptions?: O \| undefined,\n): DefaultOrganizationPlugin<O>;\nexport function organization<O extends OrganizationOptions>(options?: O) {\n\tconst opts = (options \|\| {}) as O;\n\tlet endpoints = {\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/create`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.createOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.create`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-create)\n\t\t /\n\t\tcreateOrganization: createOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/update`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.updateOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.update`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update)\n\t\t /\n\t\tupdateOrganization: updateOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/delete`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.deleteOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.delete`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-delete)\n\t\t /\n\t\tdeleteOrganization: deleteOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/set-active`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.setActiveOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.setActive`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-set-active)\n\t\t /\n\t\tsetActiveOrganization: setActiveOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/get-full-organization`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.getFullOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.getFullOrganization`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-full-organization)\n\t\t /\n\t\tgetFullOrganization: getFullOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listOrganizations`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.list`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list)\n\t\t /\n\t\tlistOrganizations: listOrganizations(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/invite-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.createInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.inviteMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-invite-member)\n\t\t /\n\t\tcreateInvitation: createInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/cancel-invitation`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.cancelInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.cancelInvitation`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-cancel-invitation)\n\t\t /\n\t\tcancelInvitation: cancelInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/accept-invitation`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.acceptInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.acceptInvitation`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-accept-invitation)\n\t\t /\n\t\tacceptInvitation: acceptInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/get-invitation`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.getInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.getInvitation`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-invitation)\n\t\t /\n\t\tgetInvitation: getInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/reject-invitation`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.rejectInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.rejectInvitation`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-reject-invitation)\n\t\t /\n\t\trejectInvitation: rejectInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list-invitations`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listInvitations`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listInvitations`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list-invitations)\n\t\t /\n\t\tlistInvitations: listInvitations(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/get-active-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.getActiveMember`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.getActiveMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-active-member)\n\t\t /\n\t\tgetActiveMember: getActiveMember(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/check-slug`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.checkOrganizationSlug`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.checkSlug`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-check-slug)\n\t\t /\n\t\tcheckOrganizationSlug: checkOrganizationSlug(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/add-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.addMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-add-member)\n\t\t /\n\n\t\taddMember: addMember<O>(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/remove-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.removeMember`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.removeMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-remove-member)\n\t\t /\n\t\tremoveMember: removeMember(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/update-member-role`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.updateMemberRole`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.updateMemberRole`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update-member-role)\n\t\t /\n\t\tupdateMemberRole: updateMemberRole(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/leave`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.leaveOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.leave`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-leave)\n\t\t /\n\t\tleaveOrganization: leaveOrganization(opts),\n\t\tlistUserInvitations: listUserInvitations(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list-members`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listMembers`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listMembers`\n\t\t /\n\t\tlistMembers: listMembers(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/get-active-member-role`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.getActiveMemberRole`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.getActiveMemberRole`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-active-member-role)\n\t\t /\n\t\tgetActiveMemberRole: getActiveMemberRole(opts),\n\t};\n\tconst teamSupport = opts.teams?.enabled;\n\tconst teamEndpoints = {\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/create-team`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.createTeam`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.createTeam`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-create-team)\n\t\t /\n\t\tcreateTeam: createTeam(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list-teams`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listOrganizationTeams`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listTeams`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list-teams)\n\t\t /\n\t\tlistOrganizationTeams: listOrganizationTeams(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/remove-team`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.removeTeam`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.removeTeam`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-remove-team)\n\t\t /\n\t\tremoveTeam: removeTeam(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/update-team`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.updateTeam`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.updateTeam`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update-team)\n\t\t /\n\t\tupdateTeam: updateTeam(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/set-active-team`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.setActiveTeam`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.setActiveTeam`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t /\n\t\tsetActiveTeam: setActiveTeam(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list-user-teams`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listUserTeams`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listUserTeams`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t /\n\t\tlistUserTeams: listUserTeams(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/list-team-members`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listTeamMembers`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listTeamMembers`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t /\n\t\tlistTeamMembers: listTeamMembers(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/add-team-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.addTeamMember`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.addTeamMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-add-team-member)\n\t\t /\n\t\taddTeamMember: addTeamMember(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/remove-team-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.removeTeamMember`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.removeTeamMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-remove-team-member)\n\t\t /\n\t\tremoveTeamMember: removeTeamMember(opts),\n\t};\n\tif (teamSupport) {\n\t\tendpoints = {\n\t\t\t...endpoints,\n\t\t\t...teamEndpoints,\n\t\t};\n\t}\n\n\tconst dynamicAccessControlEndpoints = {\n\t\tcreateOrgRole: createOrgRole(opts),\n\t\tdeleteOrgRole: deleteOrgRole(opts),\n\t\tlistOrgRoles: listOrgRoles(opts),\n\t\tgetOrgRole: getOrgRole(opts),\n\t\tupdateOrgRole: updateOrgRole(opts),\n\t};\n\tif (opts.dynamicAccessControl?.enabled) {\n\t\tendpoints = {\n\t\t\t...endpoints,\n\t\t\t...dynamicAccessControlEndpoints,\n\t\t};\n\t}\n\tconst roles = {\n\t\t...defaultRoles,\n\t\t...opts.roles,\n\t};\n\n\t// Build team schema in a way that never introduces undefined values when spreading\n\tconst teamSchema = teamSupport\n\t\t? ({\n\t\t\t\tteam: {\n\t\t\t\t\tmodelName: opts.schema?.team?.modelName,\n\t\t\t\t\tfields: {\n\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\torganizationId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.organizationId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.updatedAt,\n\t\t\t\t\t\t\tonUpdate: () => new Date(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t...(opts.schema?.team?.additionalFields \|\| {}),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tteamMember: {\n\t\t\t\t\tmodelName: opts.schema?.teamMember?.modelName,\n\t\t\t\t\tfields: {\n\t\t\t\t\t\tteamId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"team\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.teamId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tuserId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.userId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t} satisfies BetterAuthPluginDBSchema)\n\t\t: {};\n\n\tconst organizationRoleSchema = opts.dynamicAccessControl?.enabled\n\t\t? ({\n\t\t\t\torganizationRole: {\n\t\t\t\t\tfields: {\n\t\t\t\t\t\torganizationId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.organizationId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\trole: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.role,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermission: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.permission,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tdefaultValue: () => new Date(),\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.updatedAt,\n\t\t\t\t\t\t\tonUpdate: () => new Date(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t...(opts.schema?.organizationRole?.additionalFields \|\| {}),\n\t\t\t\t\t},\n\t\t\t\t\tmodelName: opts.schema?.organizationRole?.modelName,\n\t\t\t\t},\n\t\t\t} satisfies BetterAuthPluginDBSchema)\n\t\t: {};\n\n\tconst schema = {\n\t\t...({\n\t\t\torganization: {\n\t\t\t\tmodelName: opts.schema?.organization?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\tname: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.name,\n\t\t\t\t\t},\n\t\t\t\t\tslug: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tunique: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.slug,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\tlogo: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.logo,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.createdAt,\n\t\t\t\t\t},\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.metadata,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.organization?.additionalFields \|\| {}),\n\t\t\t\t},\n\t\t\t},\n\t\t} satisfies BetterAuthPluginDBSchema),\n\t\t...organizationRoleSchema,\n\t\t...teamSchema,\n\t\t...({\n\t\t\tmember: {\n\t\t\t\tmodelName: opts.schema?.member?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.organizationId,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\tuserId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.userId,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tdefaultValue: \"member\",\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.role,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.createdAt,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.member?.additionalFields \|\| {}),\n\t\t\t\t},\n\t\t\t},\n\t\t\tinvitation: {\n\t\t\t\tmodelName: opts.schema?.invitation?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.organizationId,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\temail: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.email,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.role,\n\t\t\t\t\t},\n\t\t\t\t\t...(teamSupport\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tteamId: {\n\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.teamId,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}),\n\t\t\t\t\tstatus: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tdefaultValue: \"pending\",\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.status,\n\t\t\t\t\t},\n\t\t\t\t\texpiresAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.expiresAt,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.createdAt,\n\t\t\t\t\t\tdefaultValue: () => new Date(),\n\t\t\t\t\t},\n\t\t\t\t\tinviterId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.inviterId,\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.invitation?.additionalFields \|\| {}),\n\t\t\t\t},\n\t\t\t},\n\t\t} satisfies BetterAuthPluginDBSchema),\n\t};\n\n\t/\n\t the orgMiddleware type-asserts an empty object representing org options, roles, and a getSession function.\n\t * This `shimContext` function is used to add those missing properties to the context object.\n\t */\n\tconst api = shimContext(endpoints, {\n\t\torgOptions: opts,\n\t\troles,\n\t\tgetSession: async (context: AuthContext) => {\n\t\t\t//@ts-expect-error\n\t\t\treturn await getSessionFromCtx(context);\n\t\t},\n\t});\n\n\treturn {\n\t\tid: \"organization\",\n\t\tendpoints: {\n\t\t\t...(api as OrganizationEndpoints<O>),\n\t\t\thasPermission: createHasPermission(opts),\n\t\t},\n\t\tschema: {\n\t\t\t...(schema as BetterAuthPluginDBSchema),\n\t\t\tsession: {\n\t\t\t\tfields: {\n\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.session?.fields?.activeOrganizationId,\n\t\t\t\t\t},\n\t\t\t\t\t...(teamSupport\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tactiveTeamId: {\n\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\t\t\tfieldName: opts.schema?.session?.fields?.activeTeamId,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}),\n\t\t\t\t} as unknown as O[\"teams\"] extends {\n\t\t\t\t\tenabled: true;\n\t\t\t\t}\n\t\t\t\t\t? {\n\t\t\t\t\t\t\tactiveTeamId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t}\n\t\t\t\t\t: {\n\t\t\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t$Infer: {\n\t\t\tOrganization: {} as InferOrganization<O>,\n\t\t\tInvitation: {} as InferInvitation<O>,\n\t\t\tMember: {} as InferMember<O>,\n\t\t\tTeam: teamSupport ? ({} as Team) : ({} as never),\n\t\t\tTeamMember: teamSupport ? ({} as TeamMember) : ({} as never),\n\t\t\tActiveOrganization: {} as O[\"teams\"] extends { enabled: true }\n\t\t\t\t? {\n\t\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t\t} & InferOrganization<O, false>\n\t\t\t\t: {\n\t\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\t} & InferOrganization<O, false>,\n\t\t},\n\t\t$ERROR_CODES: ORGANIZATION_ERROR_CODES,\n\t\toptions: opts as NoInfer<O>,\n\t} satisfies BetterAuthPlugin;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAgHA,SAAgB,WAAW,OAAkC;AAC5D,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAgDjD,MAAM,gCAAgC,EACpC,OAAO,EACP,gBAAgB,EAAE,QAAQ,CAAC,UAAU,EACrC,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;AAEF,MAAM,uBAAsD,YAAe;AAe1E,QAAO,mBACN,gCACA;EACC,QAAQ;EACR,gBAAgB;EAChB,MAAM;EACN,KAAK,CAAC,qBAAqB;EAC3B,UAAU;GACT,QAAQ,EACP,MAAM,EAAE,EAGR;GACD,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,YAAY;OACX,MAAM;OACN,aAAa;OACb,YAAY;OACZ;MACD,aAAa;OACZ,MAAM;OACN,aAAa;OACb;MACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD;EACD,EACD,OAAO,QAAQ;EACd,MAAM,uBACL,IAAI,KAAK,kBACT,IAAI,QAAQ,QAAQ,QAAQ;AAC7B,MAAI,CAAC,qBACJ,OAAM,SAAS,KACd,eACA,yBAAyB,uBACzB;EAGF,MAAM,SAAS,MADC,cAAiB,IAAI,SAAS,QAAQ,CACzB,kBAAkB;GAC9C,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,gBAAgB;GAChB,CAAC;AACF,MAAI,CAAC,OACJ,OAAM,SAAS,KACd,gBACA,yBAAyB,yCACzB;EAEF,MAAM,SAAS,MAAM,cACpB;GACC,MAAM,OAAO;GACJ;GACT,aAAa,IAAI,KAAK;GACtB,gBAAgB;GAChB,EACD,IACA;AAED,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH;;AAqJF,SAAgB,aAA4C,SAAa;CACxE,MAAM,OAAQ,WAAW,EAAE;CAC3B,IAAI,YAAY;EAgBf,oBAAoB,mBAAmB,KAAK;EAgB5C,oBAAoB,mBAAmB,KAAK;EAgB5C,oBAAoB,mBAAmB,KAAK;EAgB5C,uBAAuB,sBAAsB,KAAK;EAgBlD,qBAAqB,oBAAoB,KAAK;EAgB9C,mBAAmB,kBAAkB,KAAK;EAgB1C,kBAAkB,iBAAiB,KAAK;EAgBxC,kBAAkB,iBAAiB,KAAK;EAgBxC,kBAAkB,iBAAiB,KAAK;EAgBxC,eAAe,cAAc,KAAK;EAgBlC,kBAAkB,iBAAiB,KAAK;EAgBxC,iBAAiB,gBAAgB,KAAK;EAgBtC,iBAAiB,gBAAgB,KAAK;EAgBtC,uBAAuB,sBAAsB,KAAK;EAclD,WAAW,UAAa,KAAK;EAgB7B,cAAc,aAAa,KAAK;EAgBhC,kBAAkB,iBAAiB,KAAK;EAgBxC,mBAAmB,kBAAkB,KAAK;EAC1C,qBAAqB,oBAAoB,KAAK;EAc9C,aAAa,YAAY,KAAK;EAgB9B,qBAAqB,oBAAoB,KAAK;EAC9C;CACD,MAAM,cAAc,KAAK,OAAO;CAChC,MAAM,gBAAgB;EAgBrB,YAAY,WAAW,KAAK;EAgB5B,uBAAuB,sBAAsB,KAAK;EAgBlD,YAAY,WAAW,KAAK;EAgB5B,YAAY,WAAW,KAAK;EAgB5B,eAAe,cAAc,KAAK;EAgBlC,eAAe,cAAc,KAAK;EAgBlC,iBAAiB,gBAAgB,KAAK;EAgBtC,eAAe,cAAc,KAAK;EAgBlC,kBAAkB,iBAAiB,KAAK;EACxC;AACD,KAAI,YACH,aAAY;EACX,GAAG;EACH,GAAG;EACH;CAGF,MAAM,gCAAgC;EACrC,eAAe,cAAc,KAAK;EAClC,eAAe,cAAc,KAAK;EAClC,cAAc,aAAa,KAAK;EAChC,YAAY,WAAW,KAAK;EAC5B,eAAe,cAAc,KAAK;EAClC;AACD,KAAI,KAAK,sBAAsB,QAC9B,aAAY;EACX,GAAG;EACH,GAAG;EACH;CAEF,MAAM,QAAQ;EACb,GAAG;EACH,GAAG,KAAK;EACR;CAGD,MAAM,aAAa,cACf;EACD,MAAM;GACL,WAAW,KAAK,QAAQ,MAAM;GAC9B,QAAQ;IACP,MAAM;KACL,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC;IACD,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC,OAAO;KACP;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC,gCAAgB,IAAI,MAAM;KAC1B;IACD,GAAI,KAAK,QAAQ,MAAM,oBAAoB,EAAE;IAC7C;GACD;EACD,YAAY;GACX,WAAW,KAAK,QAAQ,YAAY;GACpC,QAAQ;IACP,QAAQ;KACP,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,QAAQ;KACP,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD;GACD;EACD,GACA,EAAE;CAEL,MAAM,yBAAyB,KAAK,sBAAsB,UACtD,EACD,kBAAkB;EACjB,QAAQ;GACP,gBAAgB;IACf,MAAM;IACN,UAAU;IACV,YAAY;KACX,OAAO;KACP,OAAO;KACP;IACD,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,OAAO;IACP;GACD,MAAM;IACL,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,OAAO;IACP;GACD,YAAY;IACX,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD;GACD,WAAW;IACV,MAAM;IACN,UAAU;IACV,oCAAoB,IAAI,MAAM;IAC9B,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD;GACD,WAAW;IACV,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,gCAAgB,IAAI,MAAM;IAC1B;GACD,GAAI,KAAK,QAAQ,kBAAkB,oBAAoB,EAAE;GACzD;EACD,WAAW,KAAK,QAAQ,kBAAkB;EAC1C,EACD,GACA,EAAE;CAEL,MAAM,SAAS;EAEb,cAAc;GACb,WAAW,KAAK,QAAQ,cAAc;GACtC,QAAQ;IACP,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,QAAQ;KACR,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,UAAU;KACT,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,GAAI,KAAK,QAAQ,cAAc,oBAAoB,EAAE;IACrD;GACD;EAEF,GAAG;EACH,GAAG;EAEF,QAAQ;GACP,WAAW,KAAK,QAAQ,QAAQ;GAChC,QAAQ;IACP,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC,OAAO;KACP;IACD,QAAQ;KACP,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,cAAc;KACd,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC;IACD,GAAI,KAAK,QAAQ,QAAQ,oBAAoB,EAAE;IAC/C;GACD;EACD,YAAY;GACX,WAAW,KAAK,QAAQ,YAAY;GACpC,QAAQ;IACP,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,OAAO;KACN,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,GAAI,cACD,EACA,QAAQ;KACP,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,EACD,GACA,EAAE;IACL,QAAQ;KACP,MAAM;KACN,UAAU;KACV,UAAU;KACV,cAAc;KACd,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,oCAAoB,IAAI,MAAM;KAC9B;IACD,WAAW;KACV,MAAM;KACN,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,UAAU;KACV;IACD,GAAI,KAAK,QAAQ,YAAY,oBAAoB,EAAE;IACnD;GACD;EAEF;AAeD,QAAO;EACN,IAAI;EACJ,WAAW;GACV,GAZU,YAAY,WAAW;IAClC,YAAY;IACZ;IACA,YAAY,OAAO,YAAyB;AAE3C,YAAO,MAAM,kBAAkB,QAAQ;;IAExC,CAAC;GAMA,eAAe,oBAAoB,KAAK;GACxC;EACD,QAAQ;GACP,GAAI;GACJ,SAAS,EACR,QAAQ;IACP,sBAAsB;KACrB,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,SAAS,QAAQ;KACzC;IACD,GAAI,cACD,EACA,cAAc;KACb,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,SAAS,QAAQ;KACzC,EACD,GACA,EAAE;IACL,EAmBD;GACD;EACD,QAAQ;GACP,cAAc,EAAE;GAChB,YAAY,EAAE;GACd,QAAQ,EAAE;GACV,MAAM,cAAe,EAAE,GAAa,EAAE;GACtC,YAAY,cAAe,EAAE,GAAmB,EAAE;GAClD,oBAAoB,EAAE;GAUtB;EACD,cAAc;EACd,SAAS;EACT"}
1	+ {"version":3,"file":"organization.mjs","names":[],"sources":["../../../src/plugins/organization/organization.ts"],"sourcesContent":["import type { AuthContext, BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { BetterAuthPluginDBSchema } from \"@better-auth/core/db\";\nimport { APIError } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport { shimContext } from \"../../utils/shim\";\nimport type { AccessControl, ArrayElement } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { defaultRoles } from \"./access\";\nimport { getOrgAdapter } from \"./adapter\";\nimport { orgSessionMiddleware } from \"./call\";\nimport { ORGANIZATION_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport {\n\tcreateOrgRole,\n\tdeleteOrgRole,\n\tgetOrgRole,\n\tlistOrgRoles,\n\tupdateOrgRole,\n} from \"./routes/crud-access-control\";\nimport {\n\tacceptInvitation,\n\tcancelInvitation,\n\tcreateInvitation,\n\tgetInvitation,\n\tlistInvitations,\n\tlistUserInvitations,\n\trejectInvitation,\n} from \"./routes/crud-invites\";\nimport {\n\taddMember,\n\tgetActiveMember,\n\tgetActiveMemberRole,\n\tleaveOrganization,\n\tlistMembers,\n\tremoveMember,\n\tupdateMemberRole,\n} from \"./routes/crud-members\";\nimport {\n\tcheckOrganizationSlug,\n\tcreateOrganization,\n\tdeleteOrganization,\n\tgetFullOrganization,\n\tlistOrganizations,\n\tsetActiveOrganization,\n\tupdateOrganization,\n} from \"./routes/crud-org\";\nimport {\n\taddTeamMember,\n\tcreateTeam,\n\tlistOrganizationTeams,\n\tlistTeamMembers,\n\tlistUserTeams,\n\tremoveTeam,\n\tremoveTeamMember,\n\tsetActiveTeam,\n\tupdateTeam,\n} from \"./routes/crud-team\";\nimport type {\n\tInferInvitation,\n\tInferMember,\n\tInferOrganization,\n\tInferTeam,\n\tOrganizationSchema,\n\tTeam,\n\tTeamMember,\n} from \"./schema\";\nimport type { OrganizationOptions } from \"./types\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\torganization: {\n\t\t\tcreator: OrganizationCreator;\n\t\t};\n\t}\n}\n\nexport { hasPermission } from \"./has-permission\";\nexport type { OrganizationOptions } from \"./types\";\n\nexport type DefaultOrganizationPlugin<Options extends OrganizationOptions> = {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<Options>;\n\tschema: OrganizationSchema<Options>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<Options>;\n\t\tInvitation: InferInvitation<Options>;\n\t\tMember: InferMember<Options>;\n\t\tTeam: Options[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: Options[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: Options[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<Options, false>[];\n\t\t\t\t\tinvitations: InferInvitation<Options, false>[];\n\t\t\t\t\tteams: InferTeam<Options, false>[];\n\t\t\t\t} & InferOrganization<Options, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<Options, false>[];\n\t\t\t\t\tinvitations: InferInvitation<Options, false>[];\n\t\t\t\t} & InferOrganization<Options, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<Options>;\n};\n\nexport interface OrganizationCreator {\n\t<Options extends OrganizationOptions>(\n\t\toptions?: Options \| undefined,\n\t): DefaultOrganizationPlugin<Options>;\n}\n\nexport function parseRoles(roles: string \| string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nexport type DynamicAccessControlEndpoints<O extends OrganizationOptions> = {\n\tcreateOrgRole: ReturnType<typeof createOrgRole<O>>;\n\tdeleteOrgRole: ReturnType<typeof deleteOrgRole<O>>;\n\tlistOrgRoles: ReturnType<typeof listOrgRoles<O>>;\n\tgetOrgRole: ReturnType<typeof getOrgRole<O>>;\n\tupdateOrgRole: ReturnType<typeof updateOrgRole<O>>;\n};\n\nexport type TeamEndpoints<O extends OrganizationOptions> = {\n\tcreateTeam: ReturnType<typeof createTeam<O>>;\n\tlistOrganizationTeams: ReturnType<typeof listOrganizationTeams<O>>;\n\tremoveTeam: ReturnType<typeof removeTeam<O>>;\n\tupdateTeam: ReturnType<typeof updateTeam<O>>;\n\tsetActiveTeam: ReturnType<typeof setActiveTeam<O>>;\n\tlistUserTeams: ReturnType<typeof listUserTeams<O>>;\n\tlistTeamMembers: ReturnType<typeof listTeamMembers<O>>;\n\taddTeamMember: ReturnType<typeof addTeamMember<O>>;\n\tremoveTeamMember: ReturnType<typeof removeTeamMember<O>>;\n};\n\nexport type OrganizationEndpoints<O extends OrganizationOptions> = {\n\tcreateOrganization: ReturnType<typeof createOrganization<O>>;\n\tupdateOrganization: ReturnType<typeof updateOrganization<O>>;\n\tdeleteOrganization: ReturnType<typeof deleteOrganization<O>>;\n\tsetActiveOrganization: ReturnType<typeof setActiveOrganization<O>>;\n\tgetFullOrganization: ReturnType<typeof getFullOrganization<O>>;\n\tlistOrganizations: ReturnType<typeof listOrganizations<O>>;\n\tcreateInvitation: ReturnType<typeof createInvitation<O>>;\n\tcancelInvitation: ReturnType<typeof cancelInvitation<O>>;\n\tacceptInvitation: ReturnType<typeof acceptInvitation<O>>;\n\tgetInvitation: ReturnType<typeof getInvitation<O>>;\n\trejectInvitation: ReturnType<typeof rejectInvitation<O>>;\n\tlistInvitations: ReturnType<typeof listInvitations<O>>;\n\tgetActiveMember: ReturnType<typeof getActiveMember<O>>;\n\tcheckOrganizationSlug: ReturnType<typeof checkOrganizationSlug<O>>;\n\taddMember: ReturnType<typeof addMember<O>>;\n\tremoveMember: ReturnType<typeof removeMember<O>>;\n\tupdateMemberRole: ReturnType<typeof updateMemberRole<O>>;\n\tleaveOrganization: ReturnType<typeof leaveOrganization<O>>;\n\tlistUserInvitations: ReturnType<typeof listUserInvitations<O>>;\n\tlistMembers: ReturnType<typeof listMembers<O>>;\n\tgetActiveMemberRole: ReturnType<typeof getActiveMemberRole<O>>;\n\thasPermission: ReturnType<typeof createHasPermission<O>>;\n};\n\nconst createHasPermissionBodySchema = z\n\t.object({\n\t\torganizationId: z.string().optional(),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\nconst createHasPermission = <O extends OrganizationOptions>(options: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? ArrayElement<Statements[key]>\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\treturn createAuthEndpoint(\n\t\t\"/organization/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t\tbody: createHasPermissionBodySchema,\n\t\t\tuse: [orgSessionMiddleware],\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\torganizationId?: string \| undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermission: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t\tdeprecated: true,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst activeOrganizationId =\n\t\t\t\tctx.body.organizationId \|\|\n\t\t\t\tctx.context.session.session.activeOrganizationId;\n\t\t\tif (!activeOrganizationId) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst adapter = getOrgAdapter<O>(ctx.context, options);\n\t\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\torganizationId: activeOrganizationId,\n\t\t\t});\n\t\t\tif (!member) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst result = await hasPermission(\n\t\t\t\t{\n\t\t\t\t\trole: member.role,\n\t\t\t\t\toptions: options,\n\t\t\t\t\tpermissions: ctx.body.permissions as any,\n\t\t\t\t\torganizationId: activeOrganizationId,\n\t\t\t\t},\n\t\t\t\tctx,\n\t\t\t);\n\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n\nexport type OrganizationPlugin<O extends OrganizationOptions> = {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> &\n\t\t(O extends { teams: { enabled: true } } ? TeamEndpoints<O> : {}) &\n\t\t(O extends { dynamicAccessControl: { enabled: true } }\n\t\t\t? DynamicAccessControlEndpoints<O>\n\t\t\t: {});\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\n\n/*\n Organization plugin for Better Auth. Organization allows you to create teams, members,\n * and manage access control for your users.\n \n @example\n * ```ts\n * const auth = betterAuth({\n * plugins: [\n * organization({\n * allowUserToCreateOrganization: true,\n * }),\n * ],\n * });\n * ```\n /\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tteams: { enabled: true };\n\t\tdynamicAccessControl?:\n\t\t\t\| {\n\t\t\t\t\tenabled?: false \| undefined;\n\t\t\t }\n\t\t\t\| undefined;\n\t},\n>(\n\toptions?: O \| undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> & TeamEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tteams: { enabled: true };\n\t\tdynamicAccessControl: { enabled: true };\n\t},\n>(\n\toptions?: O \| undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> &\n\t\tTeamEndpoints<O> &\n\t\tDynamicAccessControlEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tdynamicAccessControl: { enabled: true };\n\t\tteams?: { enabled?: false \| undefined } \| undefined;\n\t},\n>(\n\toptions?: O \| undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> & DynamicAccessControlEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<O extends OrganizationOptions>(\n\toptions?: O \| undefined,\n): DefaultOrganizationPlugin<O>;\nexport function organization<O extends OrganizationOptions>(options?: O) {\n\tconst opts = (options \|\| {}) as O;\n\tlet endpoints = {\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/create`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.createOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.create`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-create)\n\t\t /\n\t\tcreateOrganization: createOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/update`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.updateOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.update`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update)\n\t\t /\n\t\tupdateOrganization: updateOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/delete`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.deleteOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.delete`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-delete)\n\t\t /\n\t\tdeleteOrganization: deleteOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/set-active`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.setActiveOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.setActive`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-set-active)\n\t\t /\n\t\tsetActiveOrganization: setActiveOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/get-full-organization`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.getFullOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.getFullOrganization`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-full-organization)\n\t\t /\n\t\tgetFullOrganization: getFullOrganization(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listOrganizations`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.list`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list)\n\t\t /\n\t\tlistOrganizations: listOrganizations(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/invite-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.createInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.inviteMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-invite-member)\n\t\t /\n\t\tcreateInvitation: createInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/cancel-invitation`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.cancelInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.cancelInvitation`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-cancel-invitation)\n\t\t /\n\t\tcancelInvitation: cancelInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/accept-invitation`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.acceptInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.acceptInvitation`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-accept-invitation)\n\t\t /\n\t\tacceptInvitation: acceptInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/get-invitation`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.getInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.getInvitation`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-invitation)\n\t\t /\n\t\tgetInvitation: getInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/reject-invitation`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.rejectInvitation`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.rejectInvitation`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-reject-invitation)\n\t\t /\n\t\trejectInvitation: rejectInvitation(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list-invitations`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listInvitations`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listInvitations`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list-invitations)\n\t\t /\n\t\tlistInvitations: listInvitations(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/get-active-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.getActiveMember`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.getActiveMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-active-member)\n\t\t /\n\t\tgetActiveMember: getActiveMember(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/check-slug`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.checkOrganizationSlug`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.checkSlug`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-check-slug)\n\t\t /\n\t\tcheckOrganizationSlug: checkOrganizationSlug(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/add-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.addMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-add-member)\n\t\t /\n\n\t\taddMember: addMember<O>(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/remove-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.removeMember`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.removeMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-remove-member)\n\t\t /\n\t\tremoveMember: removeMember(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/update-member-role`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.updateMemberRole`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.updateMemberRole`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update-member-role)\n\t\t /\n\t\tupdateMemberRole: updateMemberRole(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/leave`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.leaveOrganization`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.leave`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-leave)\n\t\t /\n\t\tleaveOrganization: leaveOrganization(opts),\n\t\tlistUserInvitations: listUserInvitations(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list-members`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listMembers`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listMembers`\n\t\t /\n\t\tlistMembers: listMembers(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/get-active-member-role`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.getActiveMemberRole`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.getActiveMemberRole`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-active-member-role)\n\t\t /\n\t\tgetActiveMemberRole: getActiveMemberRole(opts),\n\t};\n\tconst teamSupport = opts.teams?.enabled;\n\tconst teamEndpoints = {\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/create-team`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.createTeam`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.createTeam`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-create-team)\n\t\t /\n\t\tcreateTeam: createTeam(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list-teams`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listOrganizationTeams`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listTeams`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list-teams)\n\t\t /\n\t\tlistOrganizationTeams: listOrganizationTeams(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/remove-team`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.removeTeam`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.removeTeam`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-remove-team)\n\t\t /\n\t\tremoveTeam: removeTeam(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/update-team`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.updateTeam`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.updateTeam`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update-team)\n\t\t /\n\t\tupdateTeam: updateTeam(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/set-active-team`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.setActiveTeam`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.setActiveTeam`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t /\n\t\tsetActiveTeam: setActiveTeam(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t GET `/organization/list-user-teams`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listUserTeams`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listUserTeams`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t /\n\t\tlistUserTeams: listUserTeams(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/list-team-members`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.listTeamMembers`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.listTeamMembers`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t /\n\t\tlistTeamMembers: listTeamMembers(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/add-team-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.addTeamMember`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.addTeamMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-add-team-member)\n\t\t /\n\t\taddTeamMember: addTeamMember(opts),\n\t\t/\n\t\t ### Endpoint\n\t\t \n\t\t POST `/organization/remove-team-member`\n\t\t \n\t\t ### API Methods\n\t\t \n\t\t server:\n\t\t * `auth.api.removeTeamMember`\n\t\t \n\t\t client:\n\t\t * `authClient.organization.removeTeamMember`\n\t\t \n\t\t @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-remove-team-member)\n\t\t /\n\t\tremoveTeamMember: removeTeamMember(opts),\n\t};\n\tif (teamSupport) {\n\t\tendpoints = {\n\t\t\t...endpoints,\n\t\t\t...teamEndpoints,\n\t\t};\n\t}\n\n\tconst dynamicAccessControlEndpoints = {\n\t\tcreateOrgRole: createOrgRole(opts),\n\t\tdeleteOrgRole: deleteOrgRole(opts),\n\t\tlistOrgRoles: listOrgRoles(opts),\n\t\tgetOrgRole: getOrgRole(opts),\n\t\tupdateOrgRole: updateOrgRole(opts),\n\t};\n\tif (opts.dynamicAccessControl?.enabled) {\n\t\tendpoints = {\n\t\t\t...endpoints,\n\t\t\t...dynamicAccessControlEndpoints,\n\t\t};\n\t}\n\tconst roles = {\n\t\t...defaultRoles,\n\t\t...opts.roles,\n\t};\n\n\t// Build team schema in a way that never introduces undefined values when spreading\n\tconst teamSchema = teamSupport\n\t\t? ({\n\t\t\t\tteam: {\n\t\t\t\t\tmodelName: opts.schema?.team?.modelName,\n\t\t\t\t\tfields: {\n\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\torganizationId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.organizationId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.updatedAt,\n\t\t\t\t\t\t\tonUpdate: () => new Date(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t...(opts.schema?.team?.additionalFields \|\| {}),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tteamMember: {\n\t\t\t\t\tmodelName: opts.schema?.teamMember?.modelName,\n\t\t\t\t\tfields: {\n\t\t\t\t\t\tteamId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"team\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.teamId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tuserId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.userId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t} satisfies BetterAuthPluginDBSchema)\n\t\t: {};\n\n\tconst organizationRoleSchema = opts.dynamicAccessControl?.enabled\n\t\t? ({\n\t\t\t\torganizationRole: {\n\t\t\t\t\tfields: {\n\t\t\t\t\t\torganizationId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.organizationId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\trole: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.role,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermission: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.permission,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tdefaultValue: () => new Date(),\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.updatedAt,\n\t\t\t\t\t\t\tonUpdate: () => new Date(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t...(opts.schema?.organizationRole?.additionalFields \|\| {}),\n\t\t\t\t\t},\n\t\t\t\t\tmodelName: opts.schema?.organizationRole?.modelName,\n\t\t\t\t},\n\t\t\t} satisfies BetterAuthPluginDBSchema)\n\t\t: {};\n\n\tconst schema = {\n\t\t...({\n\t\t\torganization: {\n\t\t\t\tmodelName: opts.schema?.organization?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\tname: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.name,\n\t\t\t\t\t},\n\t\t\t\t\tslug: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tunique: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.slug,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\tlogo: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.logo,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.createdAt,\n\t\t\t\t\t},\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.metadata,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.organization?.additionalFields \|\| {}),\n\t\t\t\t},\n\t\t\t},\n\t\t} satisfies BetterAuthPluginDBSchema),\n\t\t...organizationRoleSchema,\n\t\t...teamSchema,\n\t\t...({\n\t\t\tmember: {\n\t\t\t\tmodelName: opts.schema?.member?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.organizationId,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\tuserId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.userId,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tdefaultValue: \"member\",\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.role,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.createdAt,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.member?.additionalFields \|\| {}),\n\t\t\t\t},\n\t\t\t},\n\t\t\tinvitation: {\n\t\t\t\tmodelName: opts.schema?.invitation?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.organizationId,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\temail: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.email,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.role,\n\t\t\t\t\t},\n\t\t\t\t\t...(teamSupport\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tteamId: {\n\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.teamId,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}),\n\t\t\t\t\tstatus: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tdefaultValue: \"pending\",\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.status,\n\t\t\t\t\t},\n\t\t\t\t\texpiresAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.expiresAt,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.createdAt,\n\t\t\t\t\t\tdefaultValue: () => new Date(),\n\t\t\t\t\t},\n\t\t\t\t\tinviterId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.inviterId,\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.invitation?.additionalFields \|\| {}),\n\t\t\t\t},\n\t\t\t},\n\t\t} satisfies BetterAuthPluginDBSchema),\n\t};\n\n\t/\n\t the orgMiddleware type-asserts an empty object representing org options, roles, and a getSession function.\n\t * This `shimContext` function is used to add those missing properties to the context object.\n\t */\n\tconst api = shimContext(endpoints, {\n\t\torgOptions: opts,\n\t\troles,\n\t\tgetSession: async (context: AuthContext) => {\n\t\t\t//@ts-expect-error\n\t\t\treturn await getSessionFromCtx(context);\n\t\t},\n\t});\n\n\treturn {\n\t\tid: \"organization\",\n\t\tendpoints: {\n\t\t\t...(api as OrganizationEndpoints<O>),\n\t\t\thasPermission: createHasPermission(opts),\n\t\t},\n\t\tschema: {\n\t\t\t...(schema as BetterAuthPluginDBSchema),\n\t\t\tsession: {\n\t\t\t\tfields: {\n\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.session?.fields?.activeOrganizationId,\n\t\t\t\t\t},\n\t\t\t\t\t...(teamSupport\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tactiveTeamId: {\n\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\t\t\tfieldName: opts.schema?.session?.fields?.activeTeamId,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}),\n\t\t\t\t} as unknown as O[\"teams\"] extends {\n\t\t\t\t\tenabled: true;\n\t\t\t\t}\n\t\t\t\t\t? {\n\t\t\t\t\t\t\tactiveTeamId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t}\n\t\t\t\t\t: {\n\t\t\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t$Infer: {\n\t\t\tOrganization: {} as InferOrganization<O>,\n\t\t\tInvitation: {} as InferInvitation<O>,\n\t\t\tMember: {} as InferMember<O>,\n\t\t\tTeam: teamSupport ? ({} as Team) : ({} as never),\n\t\t\tTeamMember: teamSupport ? ({} as TeamMember) : ({} as never),\n\t\t\tActiveOrganization: {} as O[\"teams\"] extends { enabled: true }\n\t\t\t\t? {\n\t\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t\t} & InferOrganization<O, false>\n\t\t\t\t: {\n\t\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\t} & InferOrganization<O, false>,\n\t\t},\n\t\t$ERROR_CODES: ORGANIZATION_ERROR_CODES,\n\t\toptions: opts as NoInfer<O>,\n\t} satisfies BetterAuthPlugin;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAgHA,SAAgB,WAAW,OAAkC;AAC5D,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAgDjD,MAAM,gCAAgC,EACpC,OAAO,EACP,gBAAgB,EAAE,QAAQ,CAAC,UAAU,EACrC,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;AAEF,MAAM,uBAAsD,YAAe;AAe1E,QAAO,mBACN,gCACA;EACC,QAAQ;EACR,gBAAgB;EAChB,MAAM;EACN,KAAK,CAAC,qBAAqB;EAC3B,UAAU;GACT,QAAQ,EACP,MAAM,EAAE,EAGR;GACD,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,YAAY;OACX,MAAM;OACN,aAAa;OACb,YAAY;OACZ;MACD,aAAa;OACZ,MAAM;OACN,aAAa;OACb;MACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD;EACD,EACD,OAAO,QAAQ;EACd,MAAM,uBACL,IAAI,KAAK,kBACT,IAAI,QAAQ,QAAQ,QAAQ;AAC7B,MAAI,CAAC,qBACJ,OAAM,SAAS,KACd,eACA,yBAAyB,uBACzB;EAGF,MAAM,SAAS,MADC,cAAiB,IAAI,SAAS,QAAQ,CACzB,kBAAkB;GAC9C,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,gBAAgB;GAChB,CAAC;AACF,MAAI,CAAC,OACJ,OAAM,SAAS,KACd,gBACA,yBAAyB,yCACzB;EAEF,MAAM,SAAS,MAAM,cACpB;GACC,MAAM,OAAO;GACJ;GACT,aAAa,IAAI,KAAK;GACtB,gBAAgB;GAChB,EACD,IACA;AAED,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH;;AAqJF,SAAgB,aAA4C,SAAa;CACxE,MAAM,OAAQ,WAAW,EAAE;CAC3B,IAAI,YAAY;EAgBf,oBAAoB,mBAAmB,KAAK;EAgB5C,oBAAoB,mBAAmB,KAAK;EAgB5C,oBAAoB,mBAAmB,KAAK;EAgB5C,uBAAuB,sBAAsB,KAAK;EAgBlD,qBAAqB,oBAAoB,KAAK;EAgB9C,mBAAmB,kBAAkB,KAAK;EAgB1C,kBAAkB,iBAAiB,KAAK;EAgBxC,kBAAkB,iBAAiB,KAAK;EAgBxC,kBAAkB,iBAAiB,KAAK;EAgBxC,eAAe,cAAc,KAAK;EAgBlC,kBAAkB,iBAAiB,KAAK;EAgBxC,iBAAiB,gBAAgB,KAAK;EAgBtC,iBAAiB,gBAAgB,KAAK;EAgBtC,uBAAuB,sBAAsB,KAAK;EAclD,WAAW,UAAa,KAAK;EAgB7B,cAAc,aAAa,KAAK;EAgBhC,kBAAkB,iBAAiB,KAAK;EAgBxC,mBAAmB,kBAAkB,KAAK;EAC1C,qBAAqB,oBAAoB,KAAK;EAc9C,aAAa,YAAY,KAAK;EAgB9B,qBAAqB,oBAAoB,KAAK;EAC9C;CACD,MAAM,cAAc,KAAK,OAAO;CAChC,MAAM,gBAAgB;EAgBrB,YAAY,WAAW,KAAK;EAgB5B,uBAAuB,sBAAsB,KAAK;EAgBlD,YAAY,WAAW,KAAK;EAgB5B,YAAY,WAAW,KAAK;EAgB5B,eAAe,cAAc,KAAK;EAgBlC,eAAe,cAAc,KAAK;EAgBlC,iBAAiB,gBAAgB,KAAK;EAgBtC,eAAe,cAAc,KAAK;EAgBlC,kBAAkB,iBAAiB,KAAK;EACxC;AACD,KAAI,YACH,aAAY;EACX,GAAG;EACH,GAAG;EACH;CAGF,MAAM,gCAAgC;EACrC,eAAe,cAAc,KAAK;EAClC,eAAe,cAAc,KAAK;EAClC,cAAc,aAAa,KAAK;EAChC,YAAY,WAAW,KAAK;EAC5B,eAAe,cAAc,KAAK;EAClC;AACD,KAAI,KAAK,sBAAsB,QAC9B,aAAY;EACX,GAAG;EACH,GAAG;EACH;CAEF,MAAM,QAAQ;EACb,GAAG;EACH,GAAG,KAAK;EACR;CAGD,MAAM,aAAa,cACf;EACD,MAAM;GACL,WAAW,KAAK,QAAQ,MAAM;GAC9B,QAAQ;IACP,MAAM;KACL,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC;IACD,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC,OAAO;KACP;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC,gCAAgB,IAAI,MAAM;KAC1B;IACD,GAAI,KAAK,QAAQ,MAAM,oBAAoB,EAAE;IAC7C;GACD;EACD,YAAY;GACX,WAAW,KAAK,QAAQ,YAAY;GACpC,QAAQ;IACP,QAAQ;KACP,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,QAAQ;KACP,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD;GACD;EACD,GACA,EAAE;CAEL,MAAM,yBAAyB,KAAK,sBAAsB,UACtD,EACD,kBAAkB;EACjB,QAAQ;GACP,gBAAgB;IACf,MAAM;IACN,UAAU;IACV,YAAY;KACX,OAAO;KACP,OAAO;KACP;IACD,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,OAAO;IACP;GACD,MAAM;IACL,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,OAAO;IACP;GACD,YAAY;IACX,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD;GACD,WAAW;IACV,MAAM;IACN,UAAU;IACV,oCAAoB,IAAI,MAAM;IAC9B,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD;GACD,WAAW;IACV,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,gCAAgB,IAAI,MAAM;IAC1B;GACD,GAAI,KAAK,QAAQ,kBAAkB,oBAAoB,EAAE;GACzD;EACD,WAAW,KAAK,QAAQ,kBAAkB;EAC1C,EACD,GACA,EAAE;CAEL,MAAM,SAAS;EAEb,cAAc;GACb,WAAW,KAAK,QAAQ,cAAc;GACtC,QAAQ;IACP,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,QAAQ;KACR,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,UAAU;KACT,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,GAAI,KAAK,QAAQ,cAAc,oBAAoB,EAAE;IACrD;GACD;EAEF,GAAG;EACH,GAAG;EAEF,QAAQ;GACP,WAAW,KAAK,QAAQ,QAAQ;GAChC,QAAQ;IACP,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC,OAAO;KACP;IACD,QAAQ;KACP,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,cAAc;KACd,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC;IACD,GAAI,KAAK,QAAQ,QAAQ,oBAAoB,EAAE;IAC/C;GACD;EACD,YAAY;GACX,WAAW,KAAK,QAAQ,YAAY;GACpC,QAAQ;IACP,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,OAAO;KACN,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,GAAI,cACD,EACA,QAAQ;KACP,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,EACD,GACA,EAAE;IACL,QAAQ;KACP,MAAM;KACN,UAAU;KACV,UAAU;KACV,cAAc;KACd,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,oCAAoB,IAAI,MAAM;KAC9B;IACD,WAAW;KACV,MAAM;KACN,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,UAAU;KACV;IACD,GAAI,KAAK,QAAQ,YAAY,oBAAoB,EAAE;IACnD;GACD;EAEF;AAeD,QAAO;EACN,IAAI;EACJ,WAAW;GACV,GAZU,YAAY,WAAW;IAClC,YAAY;IACZ;IACA,YAAY,OAAO,YAAyB;AAE3C,YAAO,MAAM,kBAAkB,QAAQ;;IAExC,CAAC;GAMA,eAAe,oBAAoB,KAAK;GACxC;EACD,QAAQ;GACP,GAAI;GACJ,SAAS,EACR,QAAQ;IACP,sBAAsB;KACrB,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,SAAS,QAAQ;KACzC;IACD,GAAI,cACD,EACA,cAAc;KACb,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,SAAS,QAAQ;KACzC,EACD,GACA,EAAE;IACL,EAmBD;GACD;EACD,QAAQ;GACP,cAAc,EAAE;GAChB,YAAY,EAAE;GACd,QAAQ,EAAE;GACV,MAAM,cAAe,EAAE,GAAa,EAAE;GACtC,YAAY,cAAe,EAAE,GAAmB,EAAE;GAClD,oBAAoB,EAAE;GAUtB;EACD,cAAc;EACd,SAAS;EACT"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "better-auth",
-  "version": "1.5.1",
+  "version": "1.5.2",
   "description": "The most comprehensive authentication framework for TypeScript.",
   "type": "module",
   "license": "MIT",
@@ -488,13 +488,13 @@
     "kysely": "^0.28.11",
     "nanostores": "^1.1.1",
     "zod": "^4.3.6",
-    "@better-auth/core": "1.5.1",
-    "@better-auth/drizzle-adapter": "1.5.1",
-    "@better-auth/memory-adapter": "1.5.1",
-    "@better-auth/kysely-adapter": "1.5.1",
-    "@better-auth/mongo-adapter": "1.5.1",
-    "@better-auth/prisma-adapter": "1.5.1",
-    "@better-auth/telemetry": "1.5.1"
+    "@better-auth/core": "1.5.2",
+    "@better-auth/kysely-adapter": "1.5.2",
+    "@better-auth/memory-adapter": "1.5.2",
+    "@better-auth/prisma-adapter": "1.5.2",
+    "@better-auth/mongo-adapter": "1.5.2",
+    "@better-auth/telemetry": "1.5.2",
+    "@better-auth/drizzle-adapter": "1.5.2"
   },
   "devDependencies": {
     "@lynx-js/react": "^0.116.3",