better-auth 1.5.1 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api/routes/account.mjs +1 -1
- package/dist/api/routes/account.mjs.map +1 -1
- package/dist/client/index.d.mts +2 -2
- package/dist/cookies/cookie-utils.d.mts +1 -1
- package/dist/cookies/cookie-utils.mjs +23 -19
- package/dist/cookies/cookie-utils.mjs.map +1 -1
- package/dist/integrations/next-js.mjs +1 -1
- package/dist/integrations/next-js.mjs.map +1 -1
- package/dist/integrations/svelte-kit.mjs +1 -1
- package/dist/integrations/svelte-kit.mjs.map +1 -1
- package/dist/integrations/tanstack-start-solid.mjs +1 -1
- package/dist/integrations/tanstack-start-solid.mjs.map +1 -1
- package/dist/integrations/tanstack-start.mjs +1 -1
- package/dist/integrations/tanstack-start.mjs.map +1 -1
- package/dist/plugins/access/index.d.mts +2 -2
- package/dist/plugins/access/types.d.mts +2 -1
- package/dist/plugins/admin/admin.d.mts +3 -3
- package/dist/plugins/admin/client.d.mts +3 -3
- package/dist/plugins/admin/client.mjs.map +1 -1
- package/dist/plugins/admin/routes.mjs.map +1 -1
- package/dist/plugins/index.d.mts +2 -2
- package/dist/plugins/organization/client.d.mts +3 -3
- package/dist/plugins/organization/client.mjs.map +1 -1
- package/dist/plugins/organization/organization.d.mts +3 -3
- package/dist/plugins/organization/organization.mjs.map +1 -1
- package/package.json +22 -10
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account.mjs","names":[],"sources":["../../../src/api/routes/account.ts"],"sourcesContent":["import { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { Account } from \"@better-auth/core/db\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport type { OAuth2Tokens } from \"@better-auth/core/oauth2\";\nimport { SocialProviderListEnum } from \"@better-auth/core/social-providers\";\n\nimport * as z from \"zod\";\nimport { getAwaitableValue } from \"../../context/helpers\";\nimport {\n\tgetAccountCookie,\n\tsetAccountCookie,\n} from \"../../cookies/session-store\";\nimport { parseAccountOutput } from \"../../db/schema\";\nimport { generateState } from \"../../oauth2/state\";\nimport { decryptOAuthToken, setTokenUtil } from \"../../oauth2/utils\";\nimport {\n\tfreshSessionMiddleware,\n\tgetSessionFromCtx,\n\tsessionMiddleware,\n} from \"./session\";\n\nexport const listUserAccounts = createAuthEndpoint(\n\t\"/list-accounts\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"listUserAccounts\",\n\t\t\t\tdescription: \"List all accounts linked to the user\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tproviderId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\taccountId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuserId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tscopes: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\n\t\t\t\t\t\t\t\t\t\t\t\"id\",\n\t\t\t\t\t\t\t\t\t\t\t\"providerId\",\n\t\t\t\t\t\t\t\t\t\t\t\"createdAt\",\n\t\t\t\t\t\t\t\t\t\t\t\"updatedAt\",\n\t\t\t\t\t\t\t\t\t\t\t\"accountId\",\n\t\t\t\t\t\t\t\t\t\t\t\"userId\",\n\t\t\t\t\t\t\t\t\t\t\t\"scopes\",\n\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (c) => {\n\t\tconst session = c.context.session;\n\t\tconst accounts = await c.context.internalAdapter.findAccounts(\n\t\t\tsession.user.id,\n\t\t);\n\t\treturn c.json(\n\t\t\taccounts.map((a) => {\n\t\t\t\tconst { scope, ...parsed } = parseAccountOutput(c.context.options, a);\n\t\t\t\treturn {\n\t\t\t\t\t...parsed,\n\t\t\t\t\tscopes: scope?.split(\",\") || [],\n\t\t\t\t};\n\t\t\t}),\n\t\t);\n\t},\n);\n\nexport const linkSocialAccount = createAuthEndpoint(\n\t\"/link-social\",\n\t{\n\t\tmethod: \"POST\",\n\t\trequireHeaders: true,\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * Callback URL to redirect to after the user has signed in.\n\t\t\t */\n\t\t\tcallbackURL: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The URL to redirect to after the user has signed in\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * OAuth2 provider to use\n\t\t\t */\n\t\t\tprovider: SocialProviderListEnum,\n\t\t\t/**\n\t\t\t * ID Token for direct authentication without redirect\n\t\t\t */\n\t\t\tidToken: z\n\t\t\t\t.object({\n\t\t\t\t\ttoken: z.string(),\n\t\t\t\t\tnonce: z.string().optional(),\n\t\t\t\t\taccessToken: z.string().optional(),\n\t\t\t\t\trefreshToken: z.string().optional(),\n\t\t\t\t\tscopes: z.array(z.string()).optional(),\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Whether to allow sign up for new users\n\t\t\t */\n\t\t\trequestSignUp: z.boolean().optional(),\n\t\t\t/**\n\t\t\t * Additional scopes to request when linking the account.\n\t\t\t * This is useful for requesting additional permissions when\n\t\t\t * linking a social account compared to the initial authentication.\n\t\t\t */\n\t\t\tscopes: z\n\t\t\t\t.array(z.string())\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Additional scopes to request from the provider\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * The URL to redirect to if there is an error during the link process.\n\t\t\t */\n\t\t\terrorCallbackURL: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"The URL to redirect to if there is an error during the link process\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Disable automatic redirection to the provider\n\t\t\t *\n\t\t\t * This is useful if you want to handle the redirection\n\t\t\t * yourself like in a popup or a different tab.\n\t\t\t */\n\t\t\tdisableRedirect: z\n\t\t\t\t.boolean()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Disable automatic redirection to the provider. Useful for handling the redirection yourself\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Any additional data to pass through the oauth flow.\n\t\t\t */\n\t\t\tadditionalData: z.record(z.string(), z.any()).optional(),\n\t\t}),\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Link a social account to the user\",\n\t\t\t\toperationId: \"linkSocialAccount\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"The authorization URL to redirect the user to\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"Indicates if the user should be redirected to the authorization URL\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"redirect\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (c) => {\n\t\tconst session = c.context.session;\n\t\tconst provider = await getAwaitableValue(c.context.socialProviders, {\n\t\t\tvalue: c.body.provider,\n\t\t});\n\n\t\tif (!provider) {\n\t\t\tc.context.logger.error(\n\t\t\t\t\"Provider not found. Make sure to add the provider in your auth config\",\n\t\t\t\t{\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t},\n\t\t\t);\n\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);\n\t\t}\n\n\t\t// Handle ID Token flow if provided\n\t\tif (c.body.idToken) {\n\t\t\tif (!provider.verifyIdToken) {\n\t\t\t\tc.context.logger.error(\n\t\t\t\t\t\"Provider does not support id token verification\",\n\t\t\t\t\t{\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"NOT_FOUND\",\n\t\t\t\t\tBASE_ERROR_CODES.ID_TOKEN_NOT_SUPPORTED,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { token, nonce } = c.body.idToken;\n\t\t\tconst valid = await provider.verifyIdToken(token, nonce);\n\t\t\tif (!valid) {\n\t\t\t\tc.context.logger.error(\"Invalid id token\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t\t}\n\n\t\t\tconst linkingUserInfo = await provider.getUserInfo({\n\t\t\t\tidToken: token,\n\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\trefreshToken: c.body.idToken.refreshToken,\n\t\t\t});\n\n\t\t\tif (!linkingUserInfo || !linkingUserInfo?.user) {\n\t\t\t\tc.context.logger.error(\"Failed to get user info\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_GET_USER_INFO,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst linkingUserId = String(linkingUserInfo.user.id);\n\n\t\t\tif (!linkingUserInfo.user.email) {\n\t\t\t\tc.context.logger.error(\"User email not found\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.USER_EMAIL_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst existingAccounts = await c.context.internalAdapter.findAccounts(\n\t\t\t\tsession.user.id,\n\t\t\t);\n\n\t\t\tconst hasBeenLinked = existingAccounts.find(\n\t\t\t\t(a) => a.providerId === provider.id && a.accountId === linkingUserId,\n\t\t\t);\n\n\t\t\tif (hasBeenLinked) {\n\t\t\t\treturn c.json({\n\t\t\t\t\turl: \"\", // this is for type inference\n\t\t\t\t\tstatus: true,\n\t\t\t\t\tredirect: false,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst isTrustedProvider = c.context.trustedProviders.includes(\n\t\t\t\tprovider.id,\n\t\t\t);\n\t\t\tif (\n\t\t\t\t(!isTrustedProvider && !linkingUserInfo.user.emailVerified) ||\n\t\t\t\tc.context.options.account?.accountLinking?.enabled === false\n\t\t\t) {\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", {\n\t\t\t\t\tmessage: \"Account not linked - linking not allowed\",\n\t\t\t\t\tcode: \"LINKING_NOT_ALLOWED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tlinkingUserInfo.user.email?.toLowerCase() !==\n\t\t\t\t\tsession.user.email.toLowerCase() &&\n\t\t\t\tc.context.options.account?.accountLinking?.allowDifferentEmails !== true\n\t\t\t) {\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", {\n\t\t\t\t\tmessage: \"Account not linked - different emails not allowed\",\n\t\t\t\t\tcode: \"LINKING_DIFFERENT_EMAILS_NOT_ALLOWED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tawait c.context.internalAdapter.createAccount({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\taccountId: linkingUserId,\n\t\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\t\tidToken: token,\n\t\t\t\t\trefreshToken: c.body.idToken.refreshToken,\n\t\t\t\t\tscope: c.body.idToken.scopes?.join(\",\"),\n\t\t\t\t});\n\t\t\t} catch (_e: any) {\n\t\t\t\tthrow APIError.from(\"EXPECTATION_FAILED\", {\n\t\t\t\t\tmessage: \"Account not linked - unable to create account\",\n\t\t\t\t\tcode: \"LINKING_FAILED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tc.context.options.account?.accountLinking?.updateUserInfoOnLink === true\n\t\t\t) {\n\t\t\t\ttry {\n\t\t\t\t\tawait c.context.internalAdapter.updateUser(session.user.id, {\n\t\t\t\t\t\tname: linkingUserInfo.user?.name,\n\t\t\t\t\t\timage: linkingUserInfo.user?.image,\n\t\t\t\t\t});\n\t\t\t\t} catch (e: any) {\n\t\t\t\t\tconsole.warn(\"Could not update user - \" + e.toString());\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn c.json({\n\t\t\t\turl: \"\", // this is for type inference\n\t\t\t\tstatus: true,\n\t\t\t\tredirect: false,\n\t\t\t});\n\t\t}\n\n\t\t// Handle OAuth flow\n\t\tconst state = await generateState(\n\t\t\tc,\n\t\t\t{\n\t\t\t\tuserId: session.user.id,\n\t\t\t\temail: session.user.email,\n\t\t\t},\n\t\t\tc.body.additionalData,\n\t\t);\n\n\t\tconst url = await provider.createAuthorizationURL({\n\t\t\tstate: state.state,\n\t\t\tcodeVerifier: state.codeVerifier,\n\t\t\tredirectURI: `${c.context.baseURL}/callback/${provider.id}`,\n\t\t\tscopes: c.body.scopes,\n\t\t});\n\n\t\tif (!c.body.disableRedirect) {\n\t\t\tc.setHeader(\"Location\", url.toString());\n\t\t}\n\n\t\treturn c.json({\n\t\t\turl: url.toString(),\n\t\t\tredirect: !c.body.disableRedirect,\n\t\t});\n\t},\n);\nexport const unlinkAccount = createAuthEndpoint(\n\t\"/unlink-account\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string(),\n\t\t\taccountId: z.string().optional(),\n\t\t}),\n\t\tuse: [freshSessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Unlink an account\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId } = ctx.body;\n\t\tconst accounts = await ctx.context.internalAdapter.findAccounts(\n\t\t\tctx.context.session.user.id,\n\t\t);\n\t\tif (\n\t\t\taccounts.length === 1 &&\n\t\t\t!ctx.context.options.account?.accountLinking?.allowUnlinkingAll\n\t\t) {\n\t\t\tthrow APIError.from(\n\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\tBASE_ERROR_CODES.FAILED_TO_UNLINK_LAST_ACCOUNT,\n\t\t\t);\n\t\t}\n\t\tconst accountExist = accounts.find((account) =>\n\t\t\taccountId\n\t\t\t\t? account.accountId === accountId && account.providerId === providerId\n\t\t\t\t: account.providerId === providerId,\n\t\t);\n\t\tif (!accountExist) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\t\tawait ctx.context.internalAdapter.deleteAccount(accountExist.id);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const getAccessToken = createAuthEndpoint(\n\t\"/get-access-token\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string().meta({\n\t\t\t\tdescription: \"The provider ID for the OAuth provider\",\n\t\t\t}),\n\t\t\taccountId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The account ID associated with the refresh token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\tuserId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The user ID associated with the account\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Get a valid access token, doing a refresh if needed\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"A Valid access token\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\ttokenType: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tidToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t400: {\n\t\t\t\t\t\tdescription: \"Invalid refresh token or provider configuration\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId, userId } = ctx.body || {};\n\t\tconst req = ctx.request;\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (req && !session) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst resolvedUserId = session?.user?.id || userId;\n\t\tif (!resolvedUserId) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst provider = await getAwaitableValue(ctx.context.socialProviders, {\n\t\t\tvalue: providerId,\n\t\t});\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} is not supported.`,\n\t\t\t\tcode: \"PROVIDER_NOT_SUPPORTED\",\n\t\t\t});\n\t\t}\n\t\tconst accountData = await getAccountCookie(ctx);\n\t\tlet account: Account | undefined = undefined;\n\t\tif (\n\t\t\taccountData &&\n\t\t\tproviderId === accountData.providerId &&\n\t\t\t(!accountId || accountData.id === accountId)\n\t\t) {\n\t\t\taccount = accountData;\n\t\t} else {\n\t\t\tconst accounts =\n\t\t\t\tawait ctx.context.internalAdapter.findAccounts(resolvedUserId);\n\t\t\taccount = accounts.find((acc) =>\n\t\t\t\taccountId\n\t\t\t\t\t? acc.accountId === accountId && acc.providerId === providerId\n\t\t\t\t\t: acc.providerId === providerId,\n\t\t\t);\n\t\t}\n\n\t\tif (!account) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\n\t\ttry {\n\t\t\tlet newTokens: OAuth2Tokens | null = null;\n\t\t\tconst accessTokenExpired =\n\t\t\t\taccount.accessTokenExpiresAt &&\n\t\t\t\tnew Date(account.accessTokenExpiresAt).getTime() - Date.now() < 5_000;\n\t\t\tif (\n\t\t\t\taccount.refreshToken &&\n\t\t\t\taccessTokenExpired &&\n\t\t\t\tprovider.refreshAccessToken\n\t\t\t) {\n\t\t\t\tconst refreshToken = await decryptOAuthToken(\n\t\t\t\t\taccount.refreshToken,\n\t\t\t\t\tctx.context,\n\t\t\t\t);\n\t\t\t\tnewTokens = await provider.refreshAccessToken(refreshToken);\n\t\t\t\tconst updatedData = {\n\t\t\t\t\taccessToken: await setTokenUtil(newTokens?.accessToken, ctx.context),\n\t\t\t\t\taccessTokenExpiresAt: newTokens?.accessTokenExpiresAt,\n\t\t\t\t\trefreshToken: newTokens?.refreshToken\n\t\t\t\t\t\t? await setTokenUtil(newTokens.refreshToken, ctx.context)\n\t\t\t\t\t\t: account.refreshToken,\n\t\t\t\t\trefreshTokenExpiresAt:\n\t\t\t\t\t\tnewTokens?.refreshTokenExpiresAt ?? account.refreshTokenExpiresAt,\n\t\t\t\t\tidToken: newTokens?.idToken || account.idToken,\n\t\t\t\t};\n\t\t\t\tlet updatedAccount: Record<string, any> | null = null;\n\t\t\t\tif (account.id) {\n\t\t\t\t\tupdatedAccount = await ctx.context.internalAdapter.updateAccount(\n\t\t\t\t\t\taccount.id,\n\t\t\t\t\t\tupdatedData,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (ctx.context.options.account?.storeAccountCookie) {\n\t\t\t\t\tawait setAccountCookie(ctx, {\n\t\t\t\t\t\t...account,\n\t\t\t\t\t\t...(updatedAccount ?? updatedData),\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst accessTokenExpiresAt = (() => {\n\t\t\t\tif (newTokens?.accessTokenExpiresAt) {\n\t\t\t\t\tif (typeof newTokens.accessTokenExpiresAt === \"string\") {\n\t\t\t\t\t\treturn new Date(newTokens.accessTokenExpiresAt);\n\t\t\t\t\t}\n\t\t\t\t\treturn newTokens.accessTokenExpiresAt;\n\t\t\t\t}\n\t\t\t\tif (account.accessTokenExpiresAt) {\n\t\t\t\t\tif (typeof account.accessTokenExpiresAt === \"string\") {\n\t\t\t\t\t\treturn new Date(account.accessTokenExpiresAt);\n\t\t\t\t\t}\n\t\t\t\t\treturn account.accessTokenExpiresAt;\n\t\t\t\t}\n\t\t\t\treturn undefined;\n\t\t\t})();\n\n\t\t\tconst tokens = {\n\t\t\t\taccessToken:\n\t\t\t\t\tnewTokens?.accessToken ??\n\t\t\t\t\t(await decryptOAuthToken(account.accessToken ?? \"\", ctx.context)),\n\t\t\t\taccessTokenExpiresAt,\n\t\t\t\tscopes: account.scope?.split(\",\") ?? [],\n\t\t\t\tidToken: newTokens?.idToken ?? account.idToken ?? undefined,\n\t\t\t};\n\t\t\treturn ctx.json(tokens);\n\t\t} catch (_error) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Failed to get a valid access token\",\n\t\t\t\tcode: \"FAILED_TO_GET_ACCESS_TOKEN\",\n\t\t\t});\n\t\t}\n\t},\n);\n\nexport const refreshToken = createAuthEndpoint(\n\t\"/refresh-token\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string().meta({\n\t\t\t\tdescription: \"The provider ID for the OAuth provider\",\n\t\t\t}),\n\t\t\taccountId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The account ID associated with the refresh token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\tuserId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The user ID associated with the account\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Refresh the access token using a refresh token\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"Access token refreshed successfully\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\ttokenType: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tidToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trefreshToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trefreshTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t400: {\n\t\t\t\t\t\tdescription: \"Invalid refresh token or provider configuration\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId, userId } = ctx.body;\n\t\tconst req = ctx.request;\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (req && !session) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst resolvedUserId = session?.user?.id || userId;\n\t\tif (!resolvedUserId) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Either userId or session is required`,\n\t\t\t\tcode: \"USER_ID_OR_SESSION_REQUIRED\",\n\t\t\t});\n\t\t}\n\t\tconst provider = await getAwaitableValue(ctx.context.socialProviders, {\n\t\t\tvalue: providerId,\n\t\t});\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} is not supported.`,\n\t\t\t\tcode: \"PROVIDER_NOT_SUPPORTED\",\n\t\t\t});\n\t\t}\n\t\tif (!provider.refreshAccessToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} does not support token refreshing.`,\n\t\t\t\tcode: \"TOKEN_REFRESH_NOT_SUPPORTED\",\n\t\t\t});\n\t\t}\n\n\t\t// Try to read refresh token from cookie first\n\t\tlet account: Account | undefined = undefined;\n\t\tconst accountData = await getAccountCookie(ctx);\n\t\tif (\n\t\t\taccountData &&\n\t\t\t(!providerId || providerId === accountData?.providerId)\n\t\t) {\n\t\t\taccount = accountData;\n\t\t} else {\n\t\t\tconst accounts =\n\t\t\t\tawait ctx.context.internalAdapter.findAccounts(resolvedUserId);\n\t\t\taccount = accounts.find((acc) =>\n\t\t\t\taccountId\n\t\t\t\t\t? acc.accountId === accountId && acc.providerId === providerId\n\t\t\t\t\t: acc.providerId === providerId,\n\t\t\t);\n\t\t}\n\n\t\tif (!account) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\n\t\tlet refreshToken: string | null | undefined = undefined;\n\t\tif (accountData && providerId === accountData.providerId) {\n\t\t\trefreshToken = accountData.refreshToken ?? undefined;\n\t\t} else {\n\t\t\trefreshToken = account.refreshToken ?? undefined;\n\t\t}\n\n\t\tif (!refreshToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Refresh token not found\",\n\t\t\t\tcode: \"REFRESH_TOKEN_NOT_FOUND\",\n\t\t\t});\n\t\t}\n\n\t\ttry {\n\t\t\tconst decryptedRefreshToken = await decryptOAuthToken(\n\t\t\t\trefreshToken,\n\t\t\t\tctx.context,\n\t\t\t);\n\t\t\tconst tokens: OAuth2Tokens = await provider.refreshAccessToken(\n\t\t\t\tdecryptedRefreshToken,\n\t\t\t);\n\n\t\t\tconst resolvedRefreshToken = tokens.refreshToken\n\t\t\t\t? await setTokenUtil(tokens.refreshToken, ctx.context)\n\t\t\t\t: refreshToken;\n\t\t\tconst resolvedRefreshTokenExpiresAt =\n\t\t\t\ttokens.refreshTokenExpiresAt ?? account.refreshTokenExpiresAt;\n\n\t\t\tif (account.id) {\n\t\t\t\tconst updateData = {\n\t\t\t\t\t...(account || {}),\n\t\t\t\t\taccessToken: await setTokenUtil(tokens.accessToken, ctx.context),\n\t\t\t\t\trefreshToken: resolvedRefreshToken,\n\t\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\t\trefreshTokenExpiresAt: resolvedRefreshTokenExpiresAt,\n\t\t\t\t\tscope: tokens.scopes?.join(\",\") || account.scope,\n\t\t\t\t\tidToken: tokens.idToken || account.idToken,\n\t\t\t\t};\n\t\t\t\tawait ctx.context.internalAdapter.updateAccount(account.id, updateData);\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\taccountData &&\n\t\t\t\tproviderId === accountData.providerId &&\n\t\t\t\tctx.context.options.account?.storeAccountCookie\n\t\t\t) {\n\t\t\t\tconst updateData = {\n\t\t\t\t\t...accountData,\n\t\t\t\t\taccessToken: await setTokenUtil(tokens.accessToken, ctx.context),\n\t\t\t\t\trefreshToken: resolvedRefreshToken,\n\t\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\t\trefreshTokenExpiresAt: resolvedRefreshTokenExpiresAt,\n\t\t\t\t\tscope: tokens.scopes?.join(\",\") || accountData.scope,\n\t\t\t\t\tidToken: tokens.idToken || accountData.idToken,\n\t\t\t\t};\n\t\t\t\tawait setAccountCookie(ctx, updateData);\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\taccessToken: tokens.accessToken,\n\t\t\t\trefreshToken: tokens.refreshToken ?? decryptedRefreshToken,\n\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\trefreshTokenExpiresAt: resolvedRefreshTokenExpiresAt,\n\t\t\t\tscope: tokens.scopes?.join(\",\") || account.scope,\n\t\t\t\tidToken: tokens.idToken || account.idToken,\n\t\t\t\tproviderId: account.providerId,\n\t\t\t\taccountId: account.accountId,\n\t\t\t});\n\t\t} catch (_error) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Failed to refresh access token\",\n\t\t\t\tcode: \"FAILED_TO_REFRESH_ACCESS_TOKEN\",\n\t\t\t});\n\t\t}\n\t},\n);\n\nconst accountInfoQuerySchema = z.optional(\n\tz.object({\n\t\taccountId: z\n\t\t\t.string()\n\t\t\t.meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"The provider given account id for which to get the account info\",\n\t\t\t})\n\t\t\t.optional(),\n\t}),\n);\n\nexport const accountInfo = createAuthEndpoint(\n\t\"/account-info\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Get the account info provided by the provider\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\temailVerified: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trequired: [\"id\", \"emailVerified\"],\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tdata: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tproperties: {},\n\t\t\t\t\t\t\t\t\t\t\tadditionalProperties: true,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"user\", \"data\"],\n\t\t\t\t\t\t\t\t\tadditionalProperties: false,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tquery: accountInfoQuerySchema,\n\t},\n\tasync (ctx) => {\n\t\tconst providedAccountId = ctx.query?.accountId;\n\t\tlet account: Account | undefined = undefined;\n\t\tif (!providedAccountId) {\n\t\t\tif (ctx.context.options.account?.storeAccountCookie) {\n\t\t\t\tconst accountData = await getAccountCookie(ctx);\n\t\t\t\tif (accountData) {\n\t\t\t\t\taccount = accountData;\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tconst accountData =\n\t\t\t\tawait ctx.context.internalAdapter.findAccount(providedAccountId);\n\t\t\tif (accountData) {\n\t\t\t\taccount = accountData;\n\t\t\t}\n\t\t}\n\n\t\tif (!account || account.userId !== ctx.context.session.user.id) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\n\t\tconst provider = await getAwaitableValue(ctx.context.socialProviders, {\n\t\t\tvalue: account.providerId,\n\t\t});\n\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\tmessage: `Provider account provider is ${account.providerId} but it is not configured`,\n\t\t\t\tcode: \"PROVIDER_NOT_CONFIGURED\",\n\t\t\t});\n\t\t}\n\t\tconst tokens = await getAccessToken({\n\t\t\t...ctx,\n\t\t\tmethod: \"POST\",\n\t\t\tbody: {\n\t\t\t\taccountId: account.id,\n\t\t\t\tproviderId: account.providerId,\n\t\t\t},\n\t\t\treturnHeaders: false,\n\t\t\treturnStatus: false,\n\t\t});\n\t\tif (!tokens.accessToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Access token not found\",\n\t\t\t\tcode: \"ACCESS_TOKEN_NOT_FOUND\",\n\t\t\t});\n\t\t}\n\t\tconst info = await provider.getUserInfo({\n\t\t\t...tokens,\n\t\t\taccessToken: tokens.accessToken as string,\n\t\t});\n\t\treturn ctx.json(info);\n\t},\n);\n"],"mappings":";;;;;;;;;;;;AAqBA,MAAa,mBAAmB,mBAC/B,kBACA;CACC,QAAQ;CACR,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,OAAO;KACN,MAAM;KACN,YAAY;MACX,IAAI,EACH,MAAM,UACN;MACD,YAAY,EACX,MAAM,UACN;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR;MACD,WAAW,EACV,MAAM,UACN;MACD,QAAQ,EACP,MAAM,UACN;MACD,QAAQ;OACP,MAAM;OACN,OAAO,EACN,MAAM,UACN;OACD;MACD;KACD,UAAU;MACT;MACA;MACA;MACA;MACA;MACA;MACA;MACA;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,MAAM;CACZ,MAAM,UAAU,EAAE,QAAQ;CAC1B,MAAM,WAAW,MAAM,EAAE,QAAQ,gBAAgB,aAChD,QAAQ,KAAK,GACb;AACD,QAAO,EAAE,KACR,SAAS,KAAK,MAAM;EACnB,MAAM,EAAE,OAAO,GAAG,WAAW,mBAAmB,EAAE,QAAQ,SAAS,EAAE;AACrE,SAAO;GACN,GAAG;GACH,QAAQ,OAAO,MAAM,IAAI,IAAI,EAAE;GAC/B;GACA,CACF;EAEF;AAED,MAAa,oBAAoB,mBAChC,gBACA;CACC,QAAQ;CACR,gBAAgB;CAChB,MAAM,EAAE,OAAO;EAId,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,uDACb,CAAC,CACD,UAAU;EAIZ,UAAU;EAIV,SAAS,EACP,OAAO;GACP,OAAO,EAAE,QAAQ;GACjB,OAAO,EAAE,QAAQ,CAAC,UAAU;GAC5B,aAAa,EAAE,QAAQ,CAAC,UAAU;GAClC,cAAc,EAAE,QAAQ,CAAC,UAAU;GACnC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,UAAU;GACtC,CAAC,CACD,UAAU;EAIZ,eAAe,EAAE,SAAS,CAAC,UAAU;EAMrC,QAAQ,EACN,MAAM,EAAE,QAAQ,CAAC,CACjB,KAAK,EACL,aAAa,kDACb,CAAC,CACD,UAAU;EAIZ,kBAAkB,EAChB,QAAQ,CACR,KAAK,EACL,aACC,uEACD,CAAC,CACD,UAAU;EAOZ,iBAAiB,EACf,SAAS,CACT,KAAK,EACL,aACC,+FACD,CAAC,CACD,UAAU;EAIZ,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU;EACxD,CAAC;CACF,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,KAAK;MACJ,MAAM;MACN,aACC;MACD;KACD,UAAU;MACT,MAAM;MACN,aACC;MACD;KACD,QAAQ,EACP,MAAM,WACN;KACD;IACD,UAAU,CAAC,WAAW;IACtB,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,MAAM;CACZ,MAAM,UAAU,EAAE,QAAQ;CAC1B,MAAM,WAAW,MAAM,kBAAkB,EAAE,QAAQ,iBAAiB,EACnE,OAAO,EAAE,KAAK,UACd,CAAC;AAEF,KAAI,CAAC,UAAU;AACd,IAAE,QAAQ,OAAO,MAChB,yEACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,QAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;;AAItE,KAAI,EAAE,KAAK,SAAS;AACnB,MAAI,CAAC,SAAS,eAAe;AAC5B,KAAE,QAAQ,OAAO,MAChB,mDACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,SAAM,SAAS,KACd,aACA,iBAAiB,uBACjB;;EAGF,MAAM,EAAE,OAAO,UAAU,EAAE,KAAK;AAEhC,MAAI,CADU,MAAM,SAAS,cAAc,OAAO,MAAM,EAC5C;AACX,KAAE,QAAQ,OAAO,MAAM,oBAAoB,EAC1C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KAAK,gBAAgB,iBAAiB,cAAc;;EAGpE,MAAM,kBAAkB,MAAM,SAAS,YAAY;GAClD,SAAS;GACT,aAAa,EAAE,KAAK,QAAQ;GAC5B,cAAc,EAAE,KAAK,QAAQ;GAC7B,CAAC;AAEF,MAAI,CAAC,mBAAmB,CAAC,iBAAiB,MAAM;AAC/C,KAAE,QAAQ,OAAO,MAAM,2BAA2B,EACjD,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,wBACjB;;EAGF,MAAM,gBAAgB,OAAO,gBAAgB,KAAK,GAAG;AAErD,MAAI,CAAC,gBAAgB,KAAK,OAAO;AAChC,KAAE,QAAQ,OAAO,MAAM,wBAAwB,EAC9C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,qBACjB;;AAWF,OARyB,MAAM,EAAE,QAAQ,gBAAgB,aACxD,QAAQ,KAAK,GACb,EAEsC,MACrC,MAAM,EAAE,eAAe,SAAS,MAAM,EAAE,cAAc,cACvD,CAGA,QAAO,EAAE,KAAK;GACb,KAAK;GACL,QAAQ;GACR,UAAU;GACV,CAAC;AAMH,MACE,CAJwB,EAAE,QAAQ,iBAAiB,SACpD,SAAS,GACT,IAEuB,CAAC,gBAAgB,KAAK,iBAC7C,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,YAAY,MAEvD,OAAM,SAAS,KAAK,gBAAgB;GACnC,SAAS;GACT,MAAM;GACN,CAAC;AAGH,MACC,gBAAgB,KAAK,OAAO,aAAa,KACxC,QAAQ,KAAK,MAAM,aAAa,IACjC,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,yBAAyB,KAEpE,OAAM,SAAS,KAAK,gBAAgB;GACnC,SAAS;GACT,MAAM;GACN,CAAC;AAGH,MAAI;AACH,SAAM,EAAE,QAAQ,gBAAgB,cAAc;IAC7C,QAAQ,QAAQ,KAAK;IACrB,YAAY,SAAS;IACrB,WAAW;IACX,aAAa,EAAE,KAAK,QAAQ;IAC5B,SAAS;IACT,cAAc,EAAE,KAAK,QAAQ;IAC7B,OAAO,EAAE,KAAK,QAAQ,QAAQ,KAAK,IAAI;IACvC,CAAC;WACM,IAAS;AACjB,SAAM,SAAS,KAAK,sBAAsB;IACzC,SAAS;IACT,MAAM;IACN,CAAC;;AAGH,MACC,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,yBAAyB,KAEpE,KAAI;AACH,SAAM,EAAE,QAAQ,gBAAgB,WAAW,QAAQ,KAAK,IAAI;IAC3D,MAAM,gBAAgB,MAAM;IAC5B,OAAO,gBAAgB,MAAM;IAC7B,CAAC;WACM,GAAQ;AAChB,WAAQ,KAAK,6BAA6B,EAAE,UAAU,CAAC;;AAIzD,SAAO,EAAE,KAAK;GACb,KAAK;GACL,QAAQ;GACR,UAAU;GACV,CAAC;;CAIH,MAAM,QAAQ,MAAM,cACnB,GACA;EACC,QAAQ,QAAQ,KAAK;EACrB,OAAO,QAAQ,KAAK;EACpB,EACD,EAAE,KAAK,eACP;CAED,MAAM,MAAM,MAAM,SAAS,uBAAuB;EACjD,OAAO,MAAM;EACb,cAAc,MAAM;EACpB,aAAa,GAAG,EAAE,QAAQ,QAAQ,YAAY,SAAS;EACvD,QAAQ,EAAE,KAAK;EACf,CAAC;AAEF,KAAI,CAAC,EAAE,KAAK,gBACX,GAAE,UAAU,YAAY,IAAI,UAAU,CAAC;AAGxC,QAAO,EAAE,KAAK;EACb,KAAK,IAAI,UAAU;EACnB,UAAU,CAAC,EAAE,KAAK;EAClB,CAAC;EAEH;AACD,MAAa,gBAAgB,mBAC5B,mBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ;EACtB,WAAW,EAAE,QAAQ,CAAC,UAAU;EAChC,CAAC;CACF,KAAK,CAAC,uBAAuB;CAC7B,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,cAAc,IAAI;CACtC,MAAM,WAAW,MAAM,IAAI,QAAQ,gBAAgB,aAClD,IAAI,QAAQ,QAAQ,KAAK,GACzB;AACD,KACC,SAAS,WAAW,KACpB,CAAC,IAAI,QAAQ,QAAQ,SAAS,gBAAgB,kBAE9C,OAAM,SAAS,KACd,eACA,iBAAiB,8BACjB;CAEF,MAAM,eAAe,SAAS,MAAM,YACnC,YACG,QAAQ,cAAc,aAAa,QAAQ,eAAe,aAC1D,QAAQ,eAAe,WAC1B;AACD,KAAI,CAAC,aACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;AAEvE,OAAM,IAAI,QAAQ,gBAAgB,cAAc,aAAa,GAAG;AAChE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAED,MAAa,iBAAiB,mBAC7B,qBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ,CAAC,KAAK,EAC3B,aAAa,0CACb,CAAC;EACF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,oDACb,CAAC,CACD,UAAU;EACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,2CACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW;GACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,WAAW,EACV,MAAM,UACN;MACD,SAAS,EACR,MAAM,UACN;MACD,aAAa,EACZ,MAAM,UACN;MACD,sBAAsB;OACrB,MAAM;OACN,QAAQ;OACR;MACD;KACD,EACD,EACD;IACD;GACD,KAAK,EACJ,aAAa,mDACb;GACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,WAAW,WAAW,IAAI,QAAQ,EAAE;CACxD,MAAM,MAAM,IAAI;CAChB,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,OAAO,CAAC,QACX,OAAM,IAAI,MAAM,eAAe;CAEhC,MAAM,iBAAiB,SAAS,MAAM,MAAM;AAC5C,KAAI,CAAC,eACJ,OAAM,IAAI,MAAM,eAAe;CAEhC,MAAM,WAAW,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,EACrE,OAAO,YACP,CAAC;AACF,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;CAEH,MAAM,cAAc,MAAM,iBAAiB,IAAI;CAC/C,IAAI,UAA+B;AACnC,KACC,eACA,eAAe,YAAY,eAC1B,CAAC,aAAa,YAAY,OAAO,WAElC,WAAU;KAIV,YADC,MAAM,IAAI,QAAQ,gBAAgB,aAAa,eAAe,EAC5C,MAAM,QACxB,YACG,IAAI,cAAc,aAAa,IAAI,eAAe,aAClD,IAAI,eAAe,WACtB;AAGF,KAAI,CAAC,QACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;AAGvE,KAAI;EACH,IAAI,YAAiC;EACrC,MAAM,qBACL,QAAQ,wBACR,IAAI,KAAK,QAAQ,qBAAqB,CAAC,SAAS,GAAG,KAAK,KAAK,GAAG;AACjE,MACC,QAAQ,gBACR,sBACA,SAAS,oBACR;GACD,MAAM,eAAe,MAAM,kBAC1B,QAAQ,cACR,IAAI,QACJ;AACD,eAAY,MAAM,SAAS,mBAAmB,aAAa;GAC3D,MAAM,cAAc;IACnB,aAAa,MAAM,aAAa,WAAW,aAAa,IAAI,QAAQ;IACpE,sBAAsB,WAAW;IACjC,cAAc,WAAW,eACtB,MAAM,aAAa,UAAU,cAAc,IAAI,QAAQ,GACvD,QAAQ;IACX,uBACC,WAAW,yBAAyB,QAAQ;IAC7C,SAAS,WAAW,WAAW,QAAQ;IACvC;GACD,IAAI,iBAA6C;AACjD,OAAI,QAAQ,GACX,kBAAiB,MAAM,IAAI,QAAQ,gBAAgB,cAClD,QAAQ,IACR,YACA;AAEF,OAAI,IAAI,QAAQ,QAAQ,SAAS,mBAChC,OAAM,iBAAiB,KAAK;IAC3B,GAAG;IACH,GAAI,kBAAkB;IACtB,CAAC;;EAIJ,MAAM,8BAA8B;AACnC,OAAI,WAAW,sBAAsB;AACpC,QAAI,OAAO,UAAU,yBAAyB,SAC7C,QAAO,IAAI,KAAK,UAAU,qBAAqB;AAEhD,WAAO,UAAU;;AAElB,OAAI,QAAQ,sBAAsB;AACjC,QAAI,OAAO,QAAQ,yBAAyB,SAC3C,QAAO,IAAI,KAAK,QAAQ,qBAAqB;AAE9C,WAAO,QAAQ;;MAGb;EAEJ,MAAM,SAAS;GACd,aACC,WAAW,eACV,MAAM,kBAAkB,QAAQ,eAAe,IAAI,IAAI,QAAQ;GACjE;GACA,QAAQ,QAAQ,OAAO,MAAM,IAAI,IAAI,EAAE;GACvC,SAAS,WAAW,WAAW,QAAQ,WAAW;GAClD;AACD,SAAO,IAAI,KAAK,OAAO;UACf,QAAQ;AAChB,QAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;;EAGJ;AAED,MAAa,eAAe,mBAC3B,kBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ,CAAC,KAAK,EAC3B,aAAa,0CACb,CAAC;EACF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,oDACb,CAAC,CACD,UAAU;EACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,2CACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW;GACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,WAAW,EACV,MAAM,UACN;MACD,SAAS,EACR,MAAM,UACN;MACD,aAAa,EACZ,MAAM,UACN;MACD,cAAc,EACb,MAAM,UACN;MACD,sBAAsB;OACrB,MAAM;OACN,QAAQ;OACR;MACD,uBAAuB;OACtB,MAAM;OACN,QAAQ;OACR;MACD;KACD,EACD,EACD;IACD;GACD,KAAK,EACJ,aAAa,mDACb;GACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,WAAW,WAAW,IAAI;CAC9C,MAAM,MAAM,IAAI;CAChB,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,OAAO,CAAC,QACX,OAAM,IAAI,MAAM,eAAe;CAEhC,MAAM,iBAAiB,SAAS,MAAM,MAAM;AAC5C,KAAI,CAAC,eACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;CAEH,MAAM,WAAW,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,EACrE,OAAO,YACP,CAAC;AACF,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;AAEH,KAAI,CAAC,SAAS,mBACb,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;CAIH,IAAI,UAA+B;CACnC,MAAM,cAAc,MAAM,iBAAiB,IAAI;AAC/C,KACC,gBACC,CAAC,cAAc,eAAe,aAAa,YAE5C,WAAU;KAIV,YADC,MAAM,IAAI,QAAQ,gBAAgB,aAAa,eAAe,EAC5C,MAAM,QACxB,YACG,IAAI,cAAc,aAAa,IAAI,eAAe,aAClD,IAAI,eAAe,WACtB;AAGF,KAAI,CAAC,QACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAGvE,IAAI,eAA0C;AAC9C,KAAI,eAAe,eAAe,YAAY,WAC7C,gBAAe,YAAY,gBAAgB;KAE3C,gBAAe,QAAQ,gBAAgB;AAGxC,KAAI,CAAC,aACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;AAGH,KAAI;EACH,MAAM,wBAAwB,MAAM,kBACnC,cACA,IAAI,QACJ;EACD,MAAM,SAAuB,MAAM,SAAS,mBAC3C,sBACA;EAED,MAAM,uBAAuB,OAAO,eACjC,MAAM,aAAa,OAAO,cAAc,IAAI,QAAQ,GACpD;EACH,MAAM,gCACL,OAAO,yBAAyB,QAAQ;AAEzC,MAAI,QAAQ,IAAI;GACf,MAAM,aAAa;IAClB,GAAI,WAAW,EAAE;IACjB,aAAa,MAAM,aAAa,OAAO,aAAa,IAAI,QAAQ;IAChE,cAAc;IACd,sBAAsB,OAAO;IAC7B,uBAAuB;IACvB,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,QAAQ;IAC3C,SAAS,OAAO,WAAW,QAAQ;IACnC;AACD,SAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,IAAI,WAAW;;AAGxE,MACC,eACA,eAAe,YAAY,cAC3B,IAAI,QAAQ,QAAQ,SAAS,mBAW7B,OAAM,iBAAiB,KATJ;GAClB,GAAG;GACH,aAAa,MAAM,aAAa,OAAO,aAAa,IAAI,QAAQ;GAChE,cAAc;GACd,sBAAsB,OAAO;GAC7B,uBAAuB;GACvB,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,YAAY;GAC/C,SAAS,OAAO,WAAW,YAAY;GACvC,CACsC;AAExC,SAAO,IAAI,KAAK;GACf,aAAa,OAAO;GACpB,cAAc,OAAO,gBAAgB;GACrC,sBAAsB,OAAO;GAC7B,uBAAuB;GACvB,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,QAAQ;GAC3C,SAAS,OAAO,WAAW,QAAQ;GACnC,YAAY,QAAQ;GACpB,WAAW,QAAQ;GACnB,CAAC;UACM,QAAQ;AAChB,QAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;;EAGJ;AAED,MAAM,yBAAyB,EAAE,SAChC,EAAE,OAAO,EACR,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aACC,mEACD,CAAC,CACD,UAAU,EACZ,CAAC,CACF;AAED,MAAa,cAAc,mBAC1B,iBACA;CACC,QAAQ;CACR,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,MAAM;MACL,MAAM;MACN,YAAY;OACX,IAAI,EACH,MAAM,UACN;OACD,MAAM,EACL,MAAM,UACN;OACD,OAAO,EACN,MAAM,UACN;OACD,OAAO,EACN,MAAM,UACN;OACD,eAAe,EACd,MAAM,WACN;OACD;MACD,UAAU,CAAC,MAAM,gBAAgB;MACjC;KACD,MAAM;MACL,MAAM;MACN,YAAY,EAAE;MACd,sBAAsB;MACtB;KACD;IACD,UAAU,CAAC,QAAQ,OAAO;IAC1B,sBAAsB;IACtB,EACD,EACD;GACD,EACD;EACD,EACD;CACD,OAAO;CACP,EACD,OAAO,QAAQ;CACd,MAAM,oBAAoB,IAAI,OAAO;CACrC,IAAI,UAA+B;AACnC,KAAI,CAAC,mBACJ;MAAI,IAAI,QAAQ,QAAQ,SAAS,oBAAoB;GACpD,MAAM,cAAc,MAAM,iBAAiB,IAAI;AAC/C,OAAI,YACH,WAAU;;QAGN;EACN,MAAM,cACL,MAAM,IAAI,QAAQ,gBAAgB,YAAY,kBAAkB;AACjE,MAAI,YACH,WAAU;;AAIZ,KAAI,CAAC,WAAW,QAAQ,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAC3D,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAGvE,MAAM,WAAW,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,EACrE,OAAO,QAAQ,YACf,CAAC;AAEF,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,yBAAyB;EAC5C,SAAS,gCAAgC,QAAQ,WAAW;EAC5D,MAAM;EACN,CAAC;CAEH,MAAM,SAAS,MAAM,eAAe;EACnC,GAAG;EACH,QAAQ;EACR,MAAM;GACL,WAAW,QAAQ;GACnB,YAAY,QAAQ;GACpB;EACD,eAAe;EACf,cAAc;EACd,CAAC;AACF,KAAI,CAAC,OAAO,YACX,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;CAEH,MAAM,OAAO,MAAM,SAAS,YAAY;EACvC,GAAG;EACH,aAAa,OAAO;EACpB,CAAC;AACF,QAAO,IAAI,KAAK,KAAK;EAEtB"}
|
|
1
|
+
{"version":3,"file":"account.mjs","names":[],"sources":["../../../src/api/routes/account.ts"],"sourcesContent":["import { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { Account } from \"@better-auth/core/db\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport type { OAuth2Tokens } from \"@better-auth/core/oauth2\";\nimport { SocialProviderListEnum } from \"@better-auth/core/social-providers\";\n\nimport * as z from \"zod\";\nimport { getAwaitableValue } from \"../../context/helpers\";\nimport {\n\tgetAccountCookie,\n\tsetAccountCookie,\n} from \"../../cookies/session-store\";\nimport { parseAccountOutput } from \"../../db/schema\";\nimport { generateState } from \"../../oauth2/state\";\nimport { decryptOAuthToken, setTokenUtil } from \"../../oauth2/utils\";\nimport {\n\tfreshSessionMiddleware,\n\tgetSessionFromCtx,\n\tsessionMiddleware,\n} from \"./session\";\n\nexport const listUserAccounts = createAuthEndpoint(\n\t\"/list-accounts\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"listUserAccounts\",\n\t\t\t\tdescription: \"List all accounts linked to the user\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tproviderId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\taccountId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuserId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tscopes: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\n\t\t\t\t\t\t\t\t\t\t\t\"id\",\n\t\t\t\t\t\t\t\t\t\t\t\"providerId\",\n\t\t\t\t\t\t\t\t\t\t\t\"createdAt\",\n\t\t\t\t\t\t\t\t\t\t\t\"updatedAt\",\n\t\t\t\t\t\t\t\t\t\t\t\"accountId\",\n\t\t\t\t\t\t\t\t\t\t\t\"userId\",\n\t\t\t\t\t\t\t\t\t\t\t\"scopes\",\n\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (c) => {\n\t\tconst session = c.context.session;\n\t\tconst accounts = await c.context.internalAdapter.findAccounts(\n\t\t\tsession.user.id,\n\t\t);\n\t\treturn c.json(\n\t\t\taccounts.map((a) => {\n\t\t\t\tconst { scope, ...parsed } = parseAccountOutput(c.context.options, a);\n\t\t\t\treturn {\n\t\t\t\t\t...parsed,\n\t\t\t\t\tscopes: scope?.split(\",\") || [],\n\t\t\t\t};\n\t\t\t}),\n\t\t);\n\t},\n);\n\nexport const linkSocialAccount = createAuthEndpoint(\n\t\"/link-social\",\n\t{\n\t\tmethod: \"POST\",\n\t\trequireHeaders: true,\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * Callback URL to redirect to after the user has signed in.\n\t\t\t */\n\t\t\tcallbackURL: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The URL to redirect to after the user has signed in\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * OAuth2 provider to use\n\t\t\t */\n\t\t\tprovider: SocialProviderListEnum,\n\t\t\t/**\n\t\t\t * ID Token for direct authentication without redirect\n\t\t\t */\n\t\t\tidToken: z\n\t\t\t\t.object({\n\t\t\t\t\ttoken: z.string(),\n\t\t\t\t\tnonce: z.string().optional(),\n\t\t\t\t\taccessToken: z.string().optional(),\n\t\t\t\t\trefreshToken: z.string().optional(),\n\t\t\t\t\tscopes: z.array(z.string()).optional(),\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Whether to allow sign up for new users\n\t\t\t */\n\t\t\trequestSignUp: z.boolean().optional(),\n\t\t\t/**\n\t\t\t * Additional scopes to request when linking the account.\n\t\t\t * This is useful for requesting additional permissions when\n\t\t\t * linking a social account compared to the initial authentication.\n\t\t\t */\n\t\t\tscopes: z\n\t\t\t\t.array(z.string())\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Additional scopes to request from the provider\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * The URL to redirect to if there is an error during the link process.\n\t\t\t */\n\t\t\terrorCallbackURL: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"The URL to redirect to if there is an error during the link process\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Disable automatic redirection to the provider\n\t\t\t *\n\t\t\t * This is useful if you want to handle the redirection\n\t\t\t * yourself like in a popup or a different tab.\n\t\t\t */\n\t\t\tdisableRedirect: z\n\t\t\t\t.boolean()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Disable automatic redirection to the provider. Useful for handling the redirection yourself\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Any additional data to pass through the oauth flow.\n\t\t\t */\n\t\t\tadditionalData: z.record(z.string(), z.any()).optional(),\n\t\t}),\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Link a social account to the user\",\n\t\t\t\toperationId: \"linkSocialAccount\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"The authorization URL to redirect the user to\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"Indicates if the user should be redirected to the authorization URL\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"redirect\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (c) => {\n\t\tconst session = c.context.session;\n\t\tconst provider = await getAwaitableValue(c.context.socialProviders, {\n\t\t\tvalue: c.body.provider,\n\t\t});\n\n\t\tif (!provider) {\n\t\t\tc.context.logger.error(\n\t\t\t\t\"Provider not found. Make sure to add the provider in your auth config\",\n\t\t\t\t{\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t},\n\t\t\t);\n\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);\n\t\t}\n\n\t\t// Handle ID Token flow if provided\n\t\tif (c.body.idToken) {\n\t\t\tif (!provider.verifyIdToken) {\n\t\t\t\tc.context.logger.error(\n\t\t\t\t\t\"Provider does not support id token verification\",\n\t\t\t\t\t{\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"NOT_FOUND\",\n\t\t\t\t\tBASE_ERROR_CODES.ID_TOKEN_NOT_SUPPORTED,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { token, nonce } = c.body.idToken;\n\t\t\tconst valid = await provider.verifyIdToken(token, nonce);\n\t\t\tif (!valid) {\n\t\t\t\tc.context.logger.error(\"Invalid id token\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t\t}\n\n\t\t\tconst linkingUserInfo = await provider.getUserInfo({\n\t\t\t\tidToken: token,\n\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\trefreshToken: c.body.idToken.refreshToken,\n\t\t\t});\n\n\t\t\tif (!linkingUserInfo || !linkingUserInfo?.user) {\n\t\t\t\tc.context.logger.error(\"Failed to get user info\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_GET_USER_INFO,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst linkingUserId = String(linkingUserInfo.user.id);\n\n\t\t\tif (!linkingUserInfo.user.email) {\n\t\t\t\tc.context.logger.error(\"User email not found\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.USER_EMAIL_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst existingAccounts = await c.context.internalAdapter.findAccounts(\n\t\t\t\tsession.user.id,\n\t\t\t);\n\n\t\t\tconst hasBeenLinked = existingAccounts.find(\n\t\t\t\t(a) => a.providerId === provider.id && a.accountId === linkingUserId,\n\t\t\t);\n\n\t\t\tif (hasBeenLinked) {\n\t\t\t\treturn c.json({\n\t\t\t\t\turl: \"\", // this is for type inference\n\t\t\t\t\tstatus: true,\n\t\t\t\t\tredirect: false,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst isTrustedProvider = c.context.trustedProviders.includes(\n\t\t\t\tprovider.id,\n\t\t\t);\n\t\t\tif (\n\t\t\t\t(!isTrustedProvider && !linkingUserInfo.user.emailVerified) ||\n\t\t\t\tc.context.options.account?.accountLinking?.enabled === false\n\t\t\t) {\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", {\n\t\t\t\t\tmessage: \"Account not linked - linking not allowed\",\n\t\t\t\t\tcode: \"LINKING_NOT_ALLOWED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tlinkingUserInfo.user.email?.toLowerCase() !==\n\t\t\t\t\tsession.user.email.toLowerCase() &&\n\t\t\t\tc.context.options.account?.accountLinking?.allowDifferentEmails !== true\n\t\t\t) {\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", {\n\t\t\t\t\tmessage: \"Account not linked - different emails not allowed\",\n\t\t\t\t\tcode: \"LINKING_DIFFERENT_EMAILS_NOT_ALLOWED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tawait c.context.internalAdapter.createAccount({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\taccountId: linkingUserId,\n\t\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\t\tidToken: token,\n\t\t\t\t\trefreshToken: c.body.idToken.refreshToken,\n\t\t\t\t\tscope: c.body.idToken.scopes?.join(\",\"),\n\t\t\t\t});\n\t\t\t} catch (_e: any) {\n\t\t\t\tthrow APIError.from(\"EXPECTATION_FAILED\", {\n\t\t\t\t\tmessage: \"Account not linked - unable to create account\",\n\t\t\t\t\tcode: \"LINKING_FAILED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tc.context.options.account?.accountLinking?.updateUserInfoOnLink === true\n\t\t\t) {\n\t\t\t\ttry {\n\t\t\t\t\tawait c.context.internalAdapter.updateUser(session.user.id, {\n\t\t\t\t\t\tname: linkingUserInfo.user?.name,\n\t\t\t\t\t\timage: linkingUserInfo.user?.image,\n\t\t\t\t\t});\n\t\t\t\t} catch (e: any) {\n\t\t\t\t\tconsole.warn(\"Could not update user - \" + e.toString());\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn c.json({\n\t\t\t\turl: \"\", // this is for type inference\n\t\t\t\tstatus: true,\n\t\t\t\tredirect: false,\n\t\t\t});\n\t\t}\n\n\t\t// Handle OAuth flow\n\t\tconst state = await generateState(\n\t\t\tc,\n\t\t\t{\n\t\t\t\tuserId: session.user.id,\n\t\t\t\temail: session.user.email,\n\t\t\t},\n\t\t\tc.body.additionalData,\n\t\t);\n\n\t\tconst url = await provider.createAuthorizationURL({\n\t\t\tstate: state.state,\n\t\t\tcodeVerifier: state.codeVerifier,\n\t\t\tredirectURI: `${c.context.baseURL}/callback/${provider.id}`,\n\t\t\tscopes: c.body.scopes,\n\t\t});\n\n\t\tif (!c.body.disableRedirect) {\n\t\t\tc.setHeader(\"Location\", url.toString());\n\t\t}\n\n\t\treturn c.json({\n\t\t\turl: url.toString(),\n\t\t\tredirect: !c.body.disableRedirect,\n\t\t});\n\t},\n);\nexport const unlinkAccount = createAuthEndpoint(\n\t\"/unlink-account\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string(),\n\t\t\taccountId: z.string().optional(),\n\t\t}),\n\t\tuse: [freshSessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Unlink an account\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId } = ctx.body;\n\t\tconst accounts = await ctx.context.internalAdapter.findAccounts(\n\t\t\tctx.context.session.user.id,\n\t\t);\n\t\tif (\n\t\t\taccounts.length === 1 &&\n\t\t\t!ctx.context.options.account?.accountLinking?.allowUnlinkingAll\n\t\t) {\n\t\t\tthrow APIError.from(\n\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\tBASE_ERROR_CODES.FAILED_TO_UNLINK_LAST_ACCOUNT,\n\t\t\t);\n\t\t}\n\t\tconst accountExist = accounts.find((account) =>\n\t\t\taccountId\n\t\t\t\t? account.accountId === accountId && account.providerId === providerId\n\t\t\t\t: account.providerId === providerId,\n\t\t);\n\t\tif (!accountExist) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\t\tawait ctx.context.internalAdapter.deleteAccount(accountExist.id);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const getAccessToken = createAuthEndpoint(\n\t\"/get-access-token\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string().meta({\n\t\t\t\tdescription: \"The provider ID for the OAuth provider\",\n\t\t\t}),\n\t\t\taccountId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The account ID associated with the refresh token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\tuserId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The user ID associated with the account\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Get a valid access token, doing a refresh if needed\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"A Valid access token\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\ttokenType: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tidToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t400: {\n\t\t\t\t\t\tdescription: \"Invalid refresh token or provider configuration\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId, userId } = ctx.body || {};\n\t\tconst req = ctx.request;\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (req && !session) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst resolvedUserId = session?.user?.id || userId;\n\t\tif (!resolvedUserId) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst provider = await getAwaitableValue(ctx.context.socialProviders, {\n\t\t\tvalue: providerId,\n\t\t});\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} is not supported.`,\n\t\t\t\tcode: \"PROVIDER_NOT_SUPPORTED\",\n\t\t\t});\n\t\t}\n\t\tconst accountData = await getAccountCookie(ctx);\n\t\tlet account: Account | undefined = undefined;\n\t\tif (\n\t\t\taccountData &&\n\t\t\tproviderId === accountData.providerId &&\n\t\t\t(!accountId || accountData.id === accountId)\n\t\t) {\n\t\t\taccount = accountData;\n\t\t} else {\n\t\t\tconst accounts =\n\t\t\t\tawait ctx.context.internalAdapter.findAccounts(resolvedUserId);\n\t\t\taccount = accounts.find((acc) =>\n\t\t\t\taccountId\n\t\t\t\t\t? acc.accountId === accountId && acc.providerId === providerId\n\t\t\t\t\t: acc.providerId === providerId,\n\t\t\t);\n\t\t}\n\n\t\tif (!account) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\n\t\ttry {\n\t\t\tlet newTokens: OAuth2Tokens | null = null;\n\t\t\tconst accessTokenExpired =\n\t\t\t\taccount.accessTokenExpiresAt &&\n\t\t\t\tnew Date(account.accessTokenExpiresAt).getTime() - Date.now() < 5_000;\n\t\t\tif (\n\t\t\t\taccount.refreshToken &&\n\t\t\t\taccessTokenExpired &&\n\t\t\t\tprovider.refreshAccessToken\n\t\t\t) {\n\t\t\t\tconst refreshToken = await decryptOAuthToken(\n\t\t\t\t\taccount.refreshToken,\n\t\t\t\t\tctx.context,\n\t\t\t\t);\n\t\t\t\tnewTokens = await provider.refreshAccessToken(refreshToken);\n\t\t\t\tconst updatedData = {\n\t\t\t\t\taccessToken: await setTokenUtil(newTokens?.accessToken, ctx.context),\n\t\t\t\t\taccessTokenExpiresAt: newTokens?.accessTokenExpiresAt,\n\t\t\t\t\trefreshToken: newTokens?.refreshToken\n\t\t\t\t\t\t? await setTokenUtil(newTokens.refreshToken, ctx.context)\n\t\t\t\t\t\t: account.refreshToken,\n\t\t\t\t\trefreshTokenExpiresAt:\n\t\t\t\t\t\tnewTokens?.refreshTokenExpiresAt ?? account.refreshTokenExpiresAt,\n\t\t\t\t\tidToken: newTokens?.idToken || account.idToken,\n\t\t\t\t};\n\t\t\t\tlet updatedAccount: Record<string, any> | null = null;\n\t\t\t\tif (account.id) {\n\t\t\t\t\tupdatedAccount = await ctx.context.internalAdapter.updateAccount(\n\t\t\t\t\t\taccount.id,\n\t\t\t\t\t\tupdatedData,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (ctx.context.options.account?.storeAccountCookie) {\n\t\t\t\t\tawait setAccountCookie(ctx, {\n\t\t\t\t\t\t...account,\n\t\t\t\t\t\t...(updatedAccount ?? updatedData),\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst accessTokenExpiresAt = (() => {\n\t\t\t\tif (newTokens?.accessTokenExpiresAt) {\n\t\t\t\t\tif (typeof newTokens.accessTokenExpiresAt === \"string\") {\n\t\t\t\t\t\treturn new Date(newTokens.accessTokenExpiresAt);\n\t\t\t\t\t}\n\t\t\t\t\treturn newTokens.accessTokenExpiresAt;\n\t\t\t\t}\n\t\t\t\tif (account.accessTokenExpiresAt) {\n\t\t\t\t\tif (typeof account.accessTokenExpiresAt === \"string\") {\n\t\t\t\t\t\treturn new Date(account.accessTokenExpiresAt);\n\t\t\t\t\t}\n\t\t\t\t\treturn account.accessTokenExpiresAt;\n\t\t\t\t}\n\t\t\t\treturn undefined;\n\t\t\t})();\n\n\t\t\tconst tokens = {\n\t\t\t\taccessToken:\n\t\t\t\t\tnewTokens?.accessToken ??\n\t\t\t\t\t(await decryptOAuthToken(account.accessToken ?? \"\", ctx.context)),\n\t\t\t\taccessTokenExpiresAt,\n\t\t\t\tscopes: account.scope?.split(\",\") ?? [],\n\t\t\t\tidToken: newTokens?.idToken ?? account.idToken ?? undefined,\n\t\t\t};\n\t\t\treturn ctx.json(tokens);\n\t\t} catch (_error) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Failed to get a valid access token\",\n\t\t\t\tcode: \"FAILED_TO_GET_ACCESS_TOKEN\",\n\t\t\t});\n\t\t}\n\t},\n);\n\nexport const refreshToken = createAuthEndpoint(\n\t\"/refresh-token\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string().meta({\n\t\t\t\tdescription: \"The provider ID for the OAuth provider\",\n\t\t\t}),\n\t\t\taccountId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The account ID associated with the refresh token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\tuserId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The user ID associated with the account\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Refresh the access token using a refresh token\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"Access token refreshed successfully\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\ttokenType: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tidToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trefreshToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trefreshTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t400: {\n\t\t\t\t\t\tdescription: \"Invalid refresh token or provider configuration\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId, userId } = ctx.body;\n\t\tconst req = ctx.request;\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (req && !session) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst resolvedUserId = session?.user?.id || userId;\n\t\tif (!resolvedUserId) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Either userId or session is required`,\n\t\t\t\tcode: \"USER_ID_OR_SESSION_REQUIRED\",\n\t\t\t});\n\t\t}\n\t\tconst provider = await getAwaitableValue(ctx.context.socialProviders, {\n\t\t\tvalue: providerId,\n\t\t});\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} is not supported.`,\n\t\t\t\tcode: \"PROVIDER_NOT_SUPPORTED\",\n\t\t\t});\n\t\t}\n\t\tif (!provider.refreshAccessToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} does not support token refreshing.`,\n\t\t\t\tcode: \"TOKEN_REFRESH_NOT_SUPPORTED\",\n\t\t\t});\n\t\t}\n\n\t\t// Try to read refresh token from cookie first\n\t\tlet account: Account | undefined = undefined;\n\t\tconst accountData = await getAccountCookie(ctx);\n\t\tif (\n\t\t\taccountData &&\n\t\t\t(!providerId || providerId === accountData?.providerId)\n\t\t) {\n\t\t\taccount = accountData;\n\t\t} else {\n\t\t\tconst accounts =\n\t\t\t\tawait ctx.context.internalAdapter.findAccounts(resolvedUserId);\n\t\t\taccount = accounts.find((acc) =>\n\t\t\t\taccountId\n\t\t\t\t\t? acc.accountId === accountId && acc.providerId === providerId\n\t\t\t\t\t: acc.providerId === providerId,\n\t\t\t);\n\t\t}\n\n\t\tif (!account) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\n\t\tlet refreshToken: string | null | undefined = undefined;\n\t\tif (accountData && providerId === accountData.providerId) {\n\t\t\trefreshToken = accountData.refreshToken ?? undefined;\n\t\t} else {\n\t\t\trefreshToken = account.refreshToken ?? undefined;\n\t\t}\n\n\t\tif (!refreshToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Refresh token not found\",\n\t\t\t\tcode: \"REFRESH_TOKEN_NOT_FOUND\",\n\t\t\t});\n\t\t}\n\n\t\ttry {\n\t\t\tconst decryptedRefreshToken = await decryptOAuthToken(\n\t\t\t\trefreshToken,\n\t\t\t\tctx.context,\n\t\t\t);\n\t\t\tconst tokens: OAuth2Tokens = await provider.refreshAccessToken(\n\t\t\t\tdecryptedRefreshToken,\n\t\t\t);\n\n\t\t\tconst resolvedRefreshToken = tokens.refreshToken\n\t\t\t\t? await setTokenUtil(tokens.refreshToken, ctx.context)\n\t\t\t\t: refreshToken;\n\t\t\tconst resolvedRefreshTokenExpiresAt =\n\t\t\t\ttokens.refreshTokenExpiresAt ?? account.refreshTokenExpiresAt;\n\n\t\t\tif (account.id) {\n\t\t\t\tconst updateData = {\n\t\t\t\t\t...(account || {}),\n\t\t\t\t\taccessToken: await setTokenUtil(tokens.accessToken, ctx.context),\n\t\t\t\t\trefreshToken: resolvedRefreshToken,\n\t\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\t\trefreshTokenExpiresAt: resolvedRefreshTokenExpiresAt,\n\t\t\t\t\tscope: tokens.scopes?.join(\",\") || account.scope,\n\t\t\t\t\tidToken: tokens.idToken || account.idToken,\n\t\t\t\t};\n\t\t\t\tawait ctx.context.internalAdapter.updateAccount(account.id, updateData);\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\taccountData &&\n\t\t\t\tproviderId === accountData.providerId &&\n\t\t\t\tctx.context.options.account?.storeAccountCookie\n\t\t\t) {\n\t\t\t\tconst updateData = {\n\t\t\t\t\t...accountData,\n\t\t\t\t\taccessToken: await setTokenUtil(tokens.accessToken, ctx.context),\n\t\t\t\t\trefreshToken: resolvedRefreshToken,\n\t\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\t\trefreshTokenExpiresAt: resolvedRefreshTokenExpiresAt,\n\t\t\t\t\tscope: tokens.scopes?.join(\",\") || accountData.scope,\n\t\t\t\t\tidToken: tokens.idToken || accountData.idToken,\n\t\t\t\t};\n\t\t\t\tawait setAccountCookie(ctx, updateData);\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\taccessToken: tokens.accessToken,\n\t\t\t\trefreshToken: tokens.refreshToken ?? decryptedRefreshToken,\n\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\trefreshTokenExpiresAt: resolvedRefreshTokenExpiresAt,\n\t\t\t\tscope: tokens.scopes?.join(\",\") || account.scope,\n\t\t\t\tidToken: tokens.idToken || account.idToken,\n\t\t\t\tproviderId: account.providerId,\n\t\t\t\taccountId: account.accountId,\n\t\t\t});\n\t\t} catch (_error) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Failed to refresh access token\",\n\t\t\t\tcode: \"FAILED_TO_REFRESH_ACCESS_TOKEN\",\n\t\t\t});\n\t\t}\n\t},\n);\n\nconst accountInfoQuerySchema = z.optional(\n\tz.object({\n\t\taccountId: z\n\t\t\t.string()\n\t\t\t.meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"The provider given account id for which to get the account info\",\n\t\t\t})\n\t\t\t.optional(),\n\t}),\n);\n\nexport const accountInfo = createAuthEndpoint(\n\t\"/account-info\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Get the account info provided by the provider\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\temailVerified: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trequired: [\"id\", \"emailVerified\"],\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tdata: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tproperties: {},\n\t\t\t\t\t\t\t\t\t\t\tadditionalProperties: true,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"user\", \"data\"],\n\t\t\t\t\t\t\t\t\tadditionalProperties: false,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tquery: accountInfoQuerySchema,\n\t},\n\tasync (ctx) => {\n\t\tconst providedAccountId = ctx.query?.accountId;\n\t\tlet account: Account | undefined = undefined;\n\t\tif (!providedAccountId) {\n\t\t\tif (ctx.context.options.account?.storeAccountCookie) {\n\t\t\t\tconst accountData = await getAccountCookie(ctx);\n\t\t\t\tif (accountData) {\n\t\t\t\t\taccount = accountData;\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tconst accountData =\n\t\t\t\tawait ctx.context.internalAdapter.findAccount(providedAccountId);\n\t\t\tif (accountData) {\n\t\t\t\taccount = accountData;\n\t\t\t}\n\t\t}\n\n\t\tif (!account || account.userId !== ctx.context.session.user.id) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\n\t\tconst provider = await getAwaitableValue(ctx.context.socialProviders, {\n\t\t\tvalue: account.providerId,\n\t\t});\n\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\tmessage: `Provider account provider is ${account.providerId} but it is not configured`,\n\t\t\t\tcode: \"PROVIDER_NOT_CONFIGURED\",\n\t\t\t});\n\t\t}\n\t\tconst tokens = await getAccessToken({\n\t\t\t...ctx,\n\t\t\tmethod: \"POST\",\n\t\t\tbody: {\n\t\t\t\taccountId: account.accountId,\n\t\t\t\tproviderId: account.providerId,\n\t\t\t},\n\t\t\treturnHeaders: false,\n\t\t\treturnStatus: false,\n\t\t});\n\t\tif (!tokens.accessToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Access token not found\",\n\t\t\t\tcode: \"ACCESS_TOKEN_NOT_FOUND\",\n\t\t\t});\n\t\t}\n\t\tconst info = await provider.getUserInfo({\n\t\t\t...tokens,\n\t\t\taccessToken: tokens.accessToken as string,\n\t\t});\n\t\treturn ctx.json(info);\n\t},\n);\n"],"mappings":";;;;;;;;;;;;AAqBA,MAAa,mBAAmB,mBAC/B,kBACA;CACC,QAAQ;CACR,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,OAAO;KACN,MAAM;KACN,YAAY;MACX,IAAI,EACH,MAAM,UACN;MACD,YAAY,EACX,MAAM,UACN;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR;MACD,WAAW,EACV,MAAM,UACN;MACD,QAAQ,EACP,MAAM,UACN;MACD,QAAQ;OACP,MAAM;OACN,OAAO,EACN,MAAM,UACN;OACD;MACD;KACD,UAAU;MACT;MACA;MACA;MACA;MACA;MACA;MACA;MACA;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,MAAM;CACZ,MAAM,UAAU,EAAE,QAAQ;CAC1B,MAAM,WAAW,MAAM,EAAE,QAAQ,gBAAgB,aAChD,QAAQ,KAAK,GACb;AACD,QAAO,EAAE,KACR,SAAS,KAAK,MAAM;EACnB,MAAM,EAAE,OAAO,GAAG,WAAW,mBAAmB,EAAE,QAAQ,SAAS,EAAE;AACrE,SAAO;GACN,GAAG;GACH,QAAQ,OAAO,MAAM,IAAI,IAAI,EAAE;GAC/B;GACA,CACF;EAEF;AAED,MAAa,oBAAoB,mBAChC,gBACA;CACC,QAAQ;CACR,gBAAgB;CAChB,MAAM,EAAE,OAAO;EAId,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,uDACb,CAAC,CACD,UAAU;EAIZ,UAAU;EAIV,SAAS,EACP,OAAO;GACP,OAAO,EAAE,QAAQ;GACjB,OAAO,EAAE,QAAQ,CAAC,UAAU;GAC5B,aAAa,EAAE,QAAQ,CAAC,UAAU;GAClC,cAAc,EAAE,QAAQ,CAAC,UAAU;GACnC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,UAAU;GACtC,CAAC,CACD,UAAU;EAIZ,eAAe,EAAE,SAAS,CAAC,UAAU;EAMrC,QAAQ,EACN,MAAM,EAAE,QAAQ,CAAC,CACjB,KAAK,EACL,aAAa,kDACb,CAAC,CACD,UAAU;EAIZ,kBAAkB,EAChB,QAAQ,CACR,KAAK,EACL,aACC,uEACD,CAAC,CACD,UAAU;EAOZ,iBAAiB,EACf,SAAS,CACT,KAAK,EACL,aACC,+FACD,CAAC,CACD,UAAU;EAIZ,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU;EACxD,CAAC;CACF,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,KAAK;MACJ,MAAM;MACN,aACC;MACD;KACD,UAAU;MACT,MAAM;MACN,aACC;MACD;KACD,QAAQ,EACP,MAAM,WACN;KACD;IACD,UAAU,CAAC,WAAW;IACtB,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,MAAM;CACZ,MAAM,UAAU,EAAE,QAAQ;CAC1B,MAAM,WAAW,MAAM,kBAAkB,EAAE,QAAQ,iBAAiB,EACnE,OAAO,EAAE,KAAK,UACd,CAAC;AAEF,KAAI,CAAC,UAAU;AACd,IAAE,QAAQ,OAAO,MAChB,yEACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,QAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;;AAItE,KAAI,EAAE,KAAK,SAAS;AACnB,MAAI,CAAC,SAAS,eAAe;AAC5B,KAAE,QAAQ,OAAO,MAChB,mDACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,SAAM,SAAS,KACd,aACA,iBAAiB,uBACjB;;EAGF,MAAM,EAAE,OAAO,UAAU,EAAE,KAAK;AAEhC,MAAI,CADU,MAAM,SAAS,cAAc,OAAO,MAAM,EAC5C;AACX,KAAE,QAAQ,OAAO,MAAM,oBAAoB,EAC1C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KAAK,gBAAgB,iBAAiB,cAAc;;EAGpE,MAAM,kBAAkB,MAAM,SAAS,YAAY;GAClD,SAAS;GACT,aAAa,EAAE,KAAK,QAAQ;GAC5B,cAAc,EAAE,KAAK,QAAQ;GAC7B,CAAC;AAEF,MAAI,CAAC,mBAAmB,CAAC,iBAAiB,MAAM;AAC/C,KAAE,QAAQ,OAAO,MAAM,2BAA2B,EACjD,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,wBACjB;;EAGF,MAAM,gBAAgB,OAAO,gBAAgB,KAAK,GAAG;AAErD,MAAI,CAAC,gBAAgB,KAAK,OAAO;AAChC,KAAE,QAAQ,OAAO,MAAM,wBAAwB,EAC9C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,qBACjB;;AAWF,OARyB,MAAM,EAAE,QAAQ,gBAAgB,aACxD,QAAQ,KAAK,GACb,EAEsC,MACrC,MAAM,EAAE,eAAe,SAAS,MAAM,EAAE,cAAc,cACvD,CAGA,QAAO,EAAE,KAAK;GACb,KAAK;GACL,QAAQ;GACR,UAAU;GACV,CAAC;AAMH,MACE,CAJwB,EAAE,QAAQ,iBAAiB,SACpD,SAAS,GACT,IAEuB,CAAC,gBAAgB,KAAK,iBAC7C,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,YAAY,MAEvD,OAAM,SAAS,KAAK,gBAAgB;GACnC,SAAS;GACT,MAAM;GACN,CAAC;AAGH,MACC,gBAAgB,KAAK,OAAO,aAAa,KACxC,QAAQ,KAAK,MAAM,aAAa,IACjC,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,yBAAyB,KAEpE,OAAM,SAAS,KAAK,gBAAgB;GACnC,SAAS;GACT,MAAM;GACN,CAAC;AAGH,MAAI;AACH,SAAM,EAAE,QAAQ,gBAAgB,cAAc;IAC7C,QAAQ,QAAQ,KAAK;IACrB,YAAY,SAAS;IACrB,WAAW;IACX,aAAa,EAAE,KAAK,QAAQ;IAC5B,SAAS;IACT,cAAc,EAAE,KAAK,QAAQ;IAC7B,OAAO,EAAE,KAAK,QAAQ,QAAQ,KAAK,IAAI;IACvC,CAAC;WACM,IAAS;AACjB,SAAM,SAAS,KAAK,sBAAsB;IACzC,SAAS;IACT,MAAM;IACN,CAAC;;AAGH,MACC,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,yBAAyB,KAEpE,KAAI;AACH,SAAM,EAAE,QAAQ,gBAAgB,WAAW,QAAQ,KAAK,IAAI;IAC3D,MAAM,gBAAgB,MAAM;IAC5B,OAAO,gBAAgB,MAAM;IAC7B,CAAC;WACM,GAAQ;AAChB,WAAQ,KAAK,6BAA6B,EAAE,UAAU,CAAC;;AAIzD,SAAO,EAAE,KAAK;GACb,KAAK;GACL,QAAQ;GACR,UAAU;GACV,CAAC;;CAIH,MAAM,QAAQ,MAAM,cACnB,GACA;EACC,QAAQ,QAAQ,KAAK;EACrB,OAAO,QAAQ,KAAK;EACpB,EACD,EAAE,KAAK,eACP;CAED,MAAM,MAAM,MAAM,SAAS,uBAAuB;EACjD,OAAO,MAAM;EACb,cAAc,MAAM;EACpB,aAAa,GAAG,EAAE,QAAQ,QAAQ,YAAY,SAAS;EACvD,QAAQ,EAAE,KAAK;EACf,CAAC;AAEF,KAAI,CAAC,EAAE,KAAK,gBACX,GAAE,UAAU,YAAY,IAAI,UAAU,CAAC;AAGxC,QAAO,EAAE,KAAK;EACb,KAAK,IAAI,UAAU;EACnB,UAAU,CAAC,EAAE,KAAK;EAClB,CAAC;EAEH;AACD,MAAa,gBAAgB,mBAC5B,mBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ;EACtB,WAAW,EAAE,QAAQ,CAAC,UAAU;EAChC,CAAC;CACF,KAAK,CAAC,uBAAuB;CAC7B,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,cAAc,IAAI;CACtC,MAAM,WAAW,MAAM,IAAI,QAAQ,gBAAgB,aAClD,IAAI,QAAQ,QAAQ,KAAK,GACzB;AACD,KACC,SAAS,WAAW,KACpB,CAAC,IAAI,QAAQ,QAAQ,SAAS,gBAAgB,kBAE9C,OAAM,SAAS,KACd,eACA,iBAAiB,8BACjB;CAEF,MAAM,eAAe,SAAS,MAAM,YACnC,YACG,QAAQ,cAAc,aAAa,QAAQ,eAAe,aAC1D,QAAQ,eAAe,WAC1B;AACD,KAAI,CAAC,aACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;AAEvE,OAAM,IAAI,QAAQ,gBAAgB,cAAc,aAAa,GAAG;AAChE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAED,MAAa,iBAAiB,mBAC7B,qBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ,CAAC,KAAK,EAC3B,aAAa,0CACb,CAAC;EACF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,oDACb,CAAC,CACD,UAAU;EACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,2CACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW;GACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,WAAW,EACV,MAAM,UACN;MACD,SAAS,EACR,MAAM,UACN;MACD,aAAa,EACZ,MAAM,UACN;MACD,sBAAsB;OACrB,MAAM;OACN,QAAQ;OACR;MACD;KACD,EACD,EACD;IACD;GACD,KAAK,EACJ,aAAa,mDACb;GACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,WAAW,WAAW,IAAI,QAAQ,EAAE;CACxD,MAAM,MAAM,IAAI;CAChB,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,OAAO,CAAC,QACX,OAAM,IAAI,MAAM,eAAe;CAEhC,MAAM,iBAAiB,SAAS,MAAM,MAAM;AAC5C,KAAI,CAAC,eACJ,OAAM,IAAI,MAAM,eAAe;CAEhC,MAAM,WAAW,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,EACrE,OAAO,YACP,CAAC;AACF,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;CAEH,MAAM,cAAc,MAAM,iBAAiB,IAAI;CAC/C,IAAI,UAA+B;AACnC,KACC,eACA,eAAe,YAAY,eAC1B,CAAC,aAAa,YAAY,OAAO,WAElC,WAAU;KAIV,YADC,MAAM,IAAI,QAAQ,gBAAgB,aAAa,eAAe,EAC5C,MAAM,QACxB,YACG,IAAI,cAAc,aAAa,IAAI,eAAe,aAClD,IAAI,eAAe,WACtB;AAGF,KAAI,CAAC,QACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;AAGvE,KAAI;EACH,IAAI,YAAiC;EACrC,MAAM,qBACL,QAAQ,wBACR,IAAI,KAAK,QAAQ,qBAAqB,CAAC,SAAS,GAAG,KAAK,KAAK,GAAG;AACjE,MACC,QAAQ,gBACR,sBACA,SAAS,oBACR;GACD,MAAM,eAAe,MAAM,kBAC1B,QAAQ,cACR,IAAI,QACJ;AACD,eAAY,MAAM,SAAS,mBAAmB,aAAa;GAC3D,MAAM,cAAc;IACnB,aAAa,MAAM,aAAa,WAAW,aAAa,IAAI,QAAQ;IACpE,sBAAsB,WAAW;IACjC,cAAc,WAAW,eACtB,MAAM,aAAa,UAAU,cAAc,IAAI,QAAQ,GACvD,QAAQ;IACX,uBACC,WAAW,yBAAyB,QAAQ;IAC7C,SAAS,WAAW,WAAW,QAAQ;IACvC;GACD,IAAI,iBAA6C;AACjD,OAAI,QAAQ,GACX,kBAAiB,MAAM,IAAI,QAAQ,gBAAgB,cAClD,QAAQ,IACR,YACA;AAEF,OAAI,IAAI,QAAQ,QAAQ,SAAS,mBAChC,OAAM,iBAAiB,KAAK;IAC3B,GAAG;IACH,GAAI,kBAAkB;IACtB,CAAC;;EAIJ,MAAM,8BAA8B;AACnC,OAAI,WAAW,sBAAsB;AACpC,QAAI,OAAO,UAAU,yBAAyB,SAC7C,QAAO,IAAI,KAAK,UAAU,qBAAqB;AAEhD,WAAO,UAAU;;AAElB,OAAI,QAAQ,sBAAsB;AACjC,QAAI,OAAO,QAAQ,yBAAyB,SAC3C,QAAO,IAAI,KAAK,QAAQ,qBAAqB;AAE9C,WAAO,QAAQ;;MAGb;EAEJ,MAAM,SAAS;GACd,aACC,WAAW,eACV,MAAM,kBAAkB,QAAQ,eAAe,IAAI,IAAI,QAAQ;GACjE;GACA,QAAQ,QAAQ,OAAO,MAAM,IAAI,IAAI,EAAE;GACvC,SAAS,WAAW,WAAW,QAAQ,WAAW;GAClD;AACD,SAAO,IAAI,KAAK,OAAO;UACf,QAAQ;AAChB,QAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;;EAGJ;AAED,MAAa,eAAe,mBAC3B,kBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ,CAAC,KAAK,EAC3B,aAAa,0CACb,CAAC;EACF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,oDACb,CAAC,CACD,UAAU;EACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,2CACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW;GACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,WAAW,EACV,MAAM,UACN;MACD,SAAS,EACR,MAAM,UACN;MACD,aAAa,EACZ,MAAM,UACN;MACD,cAAc,EACb,MAAM,UACN;MACD,sBAAsB;OACrB,MAAM;OACN,QAAQ;OACR;MACD,uBAAuB;OACtB,MAAM;OACN,QAAQ;OACR;MACD;KACD,EACD,EACD;IACD;GACD,KAAK,EACJ,aAAa,mDACb;GACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,WAAW,WAAW,IAAI;CAC9C,MAAM,MAAM,IAAI;CAChB,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,OAAO,CAAC,QACX,OAAM,IAAI,MAAM,eAAe;CAEhC,MAAM,iBAAiB,SAAS,MAAM,MAAM;AAC5C,KAAI,CAAC,eACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;CAEH,MAAM,WAAW,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,EACrE,OAAO,YACP,CAAC;AACF,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;AAEH,KAAI,CAAC,SAAS,mBACb,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;CAIH,IAAI,UAA+B;CACnC,MAAM,cAAc,MAAM,iBAAiB,IAAI;AAC/C,KACC,gBACC,CAAC,cAAc,eAAe,aAAa,YAE5C,WAAU;KAIV,YADC,MAAM,IAAI,QAAQ,gBAAgB,aAAa,eAAe,EAC5C,MAAM,QACxB,YACG,IAAI,cAAc,aAAa,IAAI,eAAe,aAClD,IAAI,eAAe,WACtB;AAGF,KAAI,CAAC,QACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAGvE,IAAI,eAA0C;AAC9C,KAAI,eAAe,eAAe,YAAY,WAC7C,gBAAe,YAAY,gBAAgB;KAE3C,gBAAe,QAAQ,gBAAgB;AAGxC,KAAI,CAAC,aACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;AAGH,KAAI;EACH,MAAM,wBAAwB,MAAM,kBACnC,cACA,IAAI,QACJ;EACD,MAAM,SAAuB,MAAM,SAAS,mBAC3C,sBACA;EAED,MAAM,uBAAuB,OAAO,eACjC,MAAM,aAAa,OAAO,cAAc,IAAI,QAAQ,GACpD;EACH,MAAM,gCACL,OAAO,yBAAyB,QAAQ;AAEzC,MAAI,QAAQ,IAAI;GACf,MAAM,aAAa;IAClB,GAAI,WAAW,EAAE;IACjB,aAAa,MAAM,aAAa,OAAO,aAAa,IAAI,QAAQ;IAChE,cAAc;IACd,sBAAsB,OAAO;IAC7B,uBAAuB;IACvB,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,QAAQ;IAC3C,SAAS,OAAO,WAAW,QAAQ;IACnC;AACD,SAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,IAAI,WAAW;;AAGxE,MACC,eACA,eAAe,YAAY,cAC3B,IAAI,QAAQ,QAAQ,SAAS,mBAW7B,OAAM,iBAAiB,KATJ;GAClB,GAAG;GACH,aAAa,MAAM,aAAa,OAAO,aAAa,IAAI,QAAQ;GAChE,cAAc;GACd,sBAAsB,OAAO;GAC7B,uBAAuB;GACvB,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,YAAY;GAC/C,SAAS,OAAO,WAAW,YAAY;GACvC,CACsC;AAExC,SAAO,IAAI,KAAK;GACf,aAAa,OAAO;GACpB,cAAc,OAAO,gBAAgB;GACrC,sBAAsB,OAAO;GAC7B,uBAAuB;GACvB,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,QAAQ;GAC3C,SAAS,OAAO,WAAW,QAAQ;GACnC,YAAY,QAAQ;GACpB,WAAW,QAAQ;GACnB,CAAC;UACM,QAAQ;AAChB,QAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;;EAGJ;AAED,MAAM,yBAAyB,EAAE,SAChC,EAAE,OAAO,EACR,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aACC,mEACD,CAAC,CACD,UAAU,EACZ,CAAC,CACF;AAED,MAAa,cAAc,mBAC1B,iBACA;CACC,QAAQ;CACR,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,MAAM;MACL,MAAM;MACN,YAAY;OACX,IAAI,EACH,MAAM,UACN;OACD,MAAM,EACL,MAAM,UACN;OACD,OAAO,EACN,MAAM,UACN;OACD,OAAO,EACN,MAAM,UACN;OACD,eAAe,EACd,MAAM,WACN;OACD;MACD,UAAU,CAAC,MAAM,gBAAgB;MACjC;KACD,MAAM;MACL,MAAM;MACN,YAAY,EAAE;MACd,sBAAsB;MACtB;KACD;IACD,UAAU,CAAC,QAAQ,OAAO;IAC1B,sBAAsB;IACtB,EACD,EACD;GACD,EACD;EACD,EACD;CACD,OAAO;CACP,EACD,OAAO,QAAQ;CACd,MAAM,oBAAoB,IAAI,OAAO;CACrC,IAAI,UAA+B;AACnC,KAAI,CAAC,mBACJ;MAAI,IAAI,QAAQ,QAAQ,SAAS,oBAAoB;GACpD,MAAM,cAAc,MAAM,iBAAiB,IAAI;AAC/C,OAAI,YACH,WAAU;;QAGN;EACN,MAAM,cACL,MAAM,IAAI,QAAQ,gBAAgB,YAAY,kBAAkB;AACjE,MAAI,YACH,WAAU;;AAIZ,KAAI,CAAC,WAAW,QAAQ,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAC3D,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAGvE,MAAM,WAAW,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,EACrE,OAAO,QAAQ,YACf,CAAC;AAEF,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,yBAAyB;EAC5C,SAAS,gCAAgC,QAAQ,WAAW;EAC5D,MAAM;EACN,CAAC;CAEH,MAAM,SAAS,MAAM,eAAe;EACnC,GAAG;EACH,QAAQ;EACR,MAAM;GACL,WAAW,QAAQ;GACnB,YAAY,QAAQ;GACpB;EACD,eAAe;EACf,cAAc;EACd,CAAC;AACF,KAAI,CAAC,OAAO,YACX,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;CAEH,MAAM,OAAO,MAAM,SAAS,YAAY;EACvC,GAAG;EACH,aAAa,OAAO;EACpB,CAAC;AACF,QAAO,IAAI,KAAK,KAAK;EAEtB"}
|
package/dist/client/index.d.mts
CHANGED
|
@@ -7,7 +7,7 @@ import { parseJSON } from "./parser.mjs";
|
|
|
7
7
|
import { AuthQueryAtom, useAuthQuery } from "./query.mjs";
|
|
8
8
|
import { SessionRefreshOptions, createSessionRefreshManager } from "./session-refresh.mjs";
|
|
9
9
|
import { AuthClient, createAuthClient } from "./vanilla.mjs";
|
|
10
|
-
import { AccessControl, Role, Statements, SubArray, Subset } from "../plugins/access/types.mjs";
|
|
10
|
+
import { AccessControl, ArrayElement, Role, Statements, SubArray, Subset } from "../plugins/access/types.mjs";
|
|
11
11
|
import { AuthorizeResponse, createAccessControl, role } from "../plugins/access/access.mjs";
|
|
12
12
|
import "../plugins/access/index.mjs";
|
|
13
13
|
import { OrganizationOptions } from "../plugins/organization/types.mjs";
|
|
@@ -31,5 +31,5 @@ declare function InferAuth<O extends {
|
|
|
31
31
|
options: BetterAuthOptions;
|
|
32
32
|
}>(): O["options"];
|
|
33
33
|
//#endregion
|
|
34
|
-
export { AccessControl, AuthClient, AuthQueryAtom, AuthorizeResponse, BetterAuthClientOptions, BetterAuthClientPlugin, BroadcastChannel, BroadcastListener, BroadcastMessage, ClientAtomListener, ClientStore, type DBPrimitive, DefaultOrganizationPlugin, DynamicAccessControlEndpoints, type FocusListener, type FocusManager, HasRequiredKeys, InferActions, InferAdditionalFromClient, InferAuth, InferClientAPI, InferErrorCodes, InferInvitation, InferMember, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPlugin, InferSessionFromClient, InferTeam, InferUserFromClient, Invitation, InvitationInput, InvitationStatus, IsSignal, Member, MemberInput, type OnlineListener, type OnlineManager, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, Prettify, PrettifyDeep, RequiredKeysOf, Role, SessionQueryParams, SessionRefreshOptions, Statements, StripEmptyObjects, SubArray, Subset, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, type UnionToIntersection, createAccessControl, createAuthClient, createSessionRefreshManager, defaultRolesSchema, getGlobalBroadcastChannel, getOrgAdapter, hasPermission, invitationSchema, invitationStatus, kBroadcastChannel, kFocusManager, kOnlineManager, memberSchema, organization, organizationRoleSchema, organizationSchema, parseJSON, parseRoles, role, roleSchema, teamMemberSchema, teamSchema, useAuthQuery };
|
|
34
|
+
export { AccessControl, ArrayElement, AuthClient, AuthQueryAtom, AuthorizeResponse, BetterAuthClientOptions, BetterAuthClientPlugin, BroadcastChannel, BroadcastListener, BroadcastMessage, ClientAtomListener, ClientStore, type DBPrimitive, DefaultOrganizationPlugin, DynamicAccessControlEndpoints, type FocusListener, type FocusManager, HasRequiredKeys, InferActions, InferAdditionalFromClient, InferAuth, InferClientAPI, InferErrorCodes, InferInvitation, InferMember, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPlugin, InferSessionFromClient, InferTeam, InferUserFromClient, Invitation, InvitationInput, InvitationStatus, IsSignal, Member, MemberInput, type OnlineListener, type OnlineManager, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, Prettify, PrettifyDeep, RequiredKeysOf, Role, SessionQueryParams, SessionRefreshOptions, Statements, StripEmptyObjects, SubArray, Subset, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, type UnionToIntersection, createAccessControl, createAuthClient, createSessionRefreshManager, defaultRolesSchema, getGlobalBroadcastChannel, getOrgAdapter, hasPermission, invitationSchema, invitationStatus, kBroadcastChannel, kFocusManager, kOnlineManager, memberSchema, organization, organizationRoleSchema, organizationSchema, parseJSON, parseRoles, role, roleSchema, teamMemberSchema, teamSchema, useAuthQuery };
|
|
35
35
|
//# sourceMappingURL=index.d.mts.map
|
|
@@ -17,7 +17,7 @@ declare const HOST_COOKIE_PREFIX = "__Host-";
|
|
|
17
17
|
*/
|
|
18
18
|
declare function stripSecureCookiePrefix(cookieName: string): string;
|
|
19
19
|
/**
|
|
20
|
-
* Split `Set-Cookie` header
|
|
20
|
+
* Split a comma-joined `Set-Cookie` header string into individual cookies.
|
|
21
21
|
*/
|
|
22
22
|
declare function splitSetCookieHeader(setCookie: string): string[];
|
|
23
23
|
declare function parseSetCookieHeader(setCookie: string): Map<string, CookieAttributes>;
|
|
@@ -1,4 +1,11 @@
|
|
|
1
1
|
//#region src/cookies/cookie-utils.ts
|
|
2
|
+
function tryDecode(str) {
|
|
3
|
+
try {
|
|
4
|
+
return decodeURIComponent(str);
|
|
5
|
+
} catch {
|
|
6
|
+
return str;
|
|
7
|
+
}
|
|
8
|
+
}
|
|
2
9
|
const SECURE_COOKIE_PREFIX = "__Secure-";
|
|
3
10
|
const HOST_COOKIE_PREFIX = "__Host-";
|
|
4
11
|
/**
|
|
@@ -10,34 +17,31 @@ function stripSecureCookiePrefix(cookieName) {
|
|
|
10
17
|
return cookieName;
|
|
11
18
|
}
|
|
12
19
|
/**
|
|
13
|
-
* Split `Set-Cookie` header
|
|
20
|
+
* Split a comma-joined `Set-Cookie` header string into individual cookies.
|
|
14
21
|
*/
|
|
15
22
|
function splitSetCookieHeader(setCookie) {
|
|
16
23
|
if (!setCookie) return [];
|
|
17
24
|
const result = [];
|
|
18
|
-
let
|
|
25
|
+
let start = 0;
|
|
19
26
|
let i = 0;
|
|
20
27
|
while (i < setCookie.length) {
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
i
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
if (i < setCookie.length && setCookie[i] === " ") i++;
|
|
28
|
+
if (setCookie[i] === ",") {
|
|
29
|
+
let j = i + 1;
|
|
30
|
+
while (j < setCookie.length && setCookie[j] === " ") j++;
|
|
31
|
+
while (j < setCookie.length && setCookie[j] !== "=" && setCookie[j] !== ";" && setCookie[j] !== ",") j++;
|
|
32
|
+
if (j < setCookie.length && setCookie[j] === "=") {
|
|
33
|
+
const part = setCookie.slice(start, i).trim();
|
|
34
|
+
if (part) result.push(part);
|
|
35
|
+
start = i + 1;
|
|
36
|
+
while (start < setCookie.length && setCookie[start] === " ") start++;
|
|
37
|
+
i = start;
|
|
38
|
+
continue;
|
|
33
39
|
}
|
|
34
|
-
continue;
|
|
35
40
|
}
|
|
36
|
-
current += c;
|
|
37
41
|
i++;
|
|
38
42
|
}
|
|
39
|
-
const
|
|
40
|
-
if (
|
|
43
|
+
const last = setCookie.slice(start).trim();
|
|
44
|
+
if (last) result.push(last);
|
|
41
45
|
return result;
|
|
42
46
|
}
|
|
43
47
|
function parseSetCookieHeader(setCookie) {
|
|
@@ -47,7 +51,7 @@ function parseSetCookieHeader(setCookie) {
|
|
|
47
51
|
const [name, ...valueParts] = (nameValue || "").split("=");
|
|
48
52
|
const value = valueParts.join("=");
|
|
49
53
|
if (!name || value === void 0) return;
|
|
50
|
-
const attrObj = { value };
|
|
54
|
+
const attrObj = { value: value.includes("%") ? tryDecode(value) : value };
|
|
51
55
|
attributes.forEach((attribute) => {
|
|
52
56
|
const [attrName, ...attrValueParts] = attribute.split("=");
|
|
53
57
|
const attrValue = attrValueParts.join("=");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookie-utils.mjs","names":[],"sources":["../../src/cookies/cookie-utils.ts"],"sourcesContent":["
|
|
1
|
+
{"version":3,"file":"cookie-utils.mjs","names":[],"sources":["../../src/cookies/cookie-utils.ts"],"sourcesContent":["function tryDecode(str: string): string {\n\ttry {\n\t\treturn decodeURIComponent(str);\n\t} catch {\n\t\treturn str;\n\t}\n}\n\nexport interface CookieAttributes {\n\tvalue: string;\n\t\"max-age\"?: number | undefined;\n\texpires?: Date | undefined;\n\tdomain?: string | undefined;\n\tpath?: string | undefined;\n\tsecure?: boolean | undefined;\n\thttponly?: boolean | undefined;\n\tsamesite?: (\"strict\" | \"lax\" | \"none\") | undefined;\n\t[key: string]: any;\n}\n\nexport const SECURE_COOKIE_PREFIX = \"__Secure-\";\nexport const HOST_COOKIE_PREFIX = \"__Host-\";\n\n/**\n * Remove __Secure- or __Host- prefix from cookie name.\n */\nexport function stripSecureCookiePrefix(cookieName: string): string {\n\tif (cookieName.startsWith(SECURE_COOKIE_PREFIX)) {\n\t\treturn cookieName.slice(SECURE_COOKIE_PREFIX.length);\n\t}\n\tif (cookieName.startsWith(HOST_COOKIE_PREFIX)) {\n\t\treturn cookieName.slice(HOST_COOKIE_PREFIX.length);\n\t}\n\treturn cookieName;\n}\n\n/**\n * Split a comma-joined `Set-Cookie` header string into individual cookies.\n */\nexport function splitSetCookieHeader(setCookie: string): string[] {\n\tif (!setCookie) return [];\n\n\tconst result: string[] = [];\n\tlet start = 0;\n\tlet i = 0;\n\n\twhile (i < setCookie.length) {\n\t\tif (setCookie[i] === \",\") {\n\t\t\tlet j = i + 1;\n\t\t\twhile (j < setCookie.length && setCookie[j] === \" \") j++;\n\t\t\twhile (\n\t\t\t\tj < setCookie.length &&\n\t\t\t\tsetCookie[j] !== \"=\" &&\n\t\t\t\tsetCookie[j] !== \";\" &&\n\t\t\t\tsetCookie[j] !== \",\"\n\t\t\t) {\n\t\t\t\tj++;\n\t\t\t}\n\n\t\t\tif (j < setCookie.length && setCookie[j] === \"=\") {\n\t\t\t\tconst part = setCookie.slice(start, i).trim();\n\t\t\t\tif (part) result.push(part);\n\t\t\t\tstart = i + 1;\n\t\t\t\twhile (start < setCookie.length && setCookie[start] === \" \") start++;\n\t\t\t\ti = start;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t}\n\n\t\ti++;\n\t}\n\n\tconst last = setCookie.slice(start).trim();\n\tif (last) result.push(last);\n\n\treturn result;\n}\n\nexport function parseSetCookieHeader(\n\tsetCookie: string,\n): Map<string, CookieAttributes> {\n\tconst cookies = new Map<string, CookieAttributes>();\n\tconst cookieArray = splitSetCookieHeader(setCookie);\n\n\tcookieArray.forEach((cookieString) => {\n\t\tconst parts = cookieString.split(\";\").map((part) => part.trim());\n\t\tconst [nameValue, ...attributes] = parts;\n\t\tconst [name, ...valueParts] = (nameValue || \"\").split(\"=\");\n\n\t\tconst value = valueParts.join(\"=\");\n\n\t\tif (!name || value === undefined) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst decodedValue = value.includes(\"%\") ? tryDecode(value) : value;\n\t\tconst attrObj: CookieAttributes = { value: decodedValue };\n\n\t\tattributes.forEach((attribute) => {\n\t\t\tconst [attrName, ...attrValueParts] = attribute!.split(\"=\");\n\t\t\tconst attrValue = attrValueParts.join(\"=\");\n\n\t\t\tconst normalizedAttrName = attrName!.trim().toLowerCase();\n\n\t\t\tswitch (normalizedAttrName) {\n\t\t\t\tcase \"max-age\":\n\t\t\t\t\tattrObj[\"max-age\"] = attrValue\n\t\t\t\t\t\t? parseInt(attrValue.trim(), 10)\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"expires\":\n\t\t\t\t\tattrObj.expires = attrValue ? new Date(attrValue.trim()) : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"domain\":\n\t\t\t\t\tattrObj.domain = attrValue ? attrValue.trim() : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"path\":\n\t\t\t\t\tattrObj.path = attrValue ? attrValue.trim() : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"secure\":\n\t\t\t\t\tattrObj.secure = true;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"httponly\":\n\t\t\t\t\tattrObj.httponly = true;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"samesite\":\n\t\t\t\t\tattrObj.samesite = attrValue\n\t\t\t\t\t\t? (attrValue.trim().toLowerCase() as \"strict\" | \"lax\" | \"none\")\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tdefault:\n\t\t\t\t\t// Handle any other attributes\n\t\t\t\t\tattrObj[normalizedAttrName] = attrValue ? attrValue.trim() : true;\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t});\n\n\t\tcookies.set(name, attrObj);\n\t});\n\n\treturn cookies;\n}\n\nexport function setCookieToHeader(headers: Headers) {\n\treturn (context: { response: Response }) => {\n\t\tconst setCookieHeader = context.response.headers.get(\"set-cookie\");\n\t\tif (!setCookieHeader) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst cookieMap = new Map<string, string>();\n\n\t\tconst existingCookiesHeader = headers.get(\"cookie\") || \"\";\n\t\texistingCookiesHeader.split(\";\").forEach((cookie) => {\n\t\t\tconst [name, ...rest] = cookie!.trim().split(\"=\");\n\t\t\tif (name && rest.length > 0) {\n\t\t\t\tcookieMap.set(name, rest.join(\"=\"));\n\t\t\t}\n\t\t});\n\n\t\tconst cookies = parseSetCookieHeader(setCookieHeader);\n\t\tcookies.forEach((value, name) => {\n\t\t\tcookieMap.set(name, value.value);\n\t\t});\n\n\t\tconst updatedCookies = Array.from(cookieMap.entries())\n\t\t\t.map(([name, value]) => `${name}=${value}`)\n\t\t\t.join(\"; \");\n\t\theaders.set(\"cookie\", updatedCookies);\n\t};\n}\n"],"mappings":";AAAA,SAAS,UAAU,KAAqB;AACvC,KAAI;AACH,SAAO,mBAAmB,IAAI;SACvB;AACP,SAAO;;;AAgBT,MAAa,uBAAuB;AACpC,MAAa,qBAAqB;;;;AAKlC,SAAgB,wBAAwB,YAA4B;AACnE,KAAI,WAAW,WAAW,qBAAqB,CAC9C,QAAO,WAAW,MAAM,EAA4B;AAErD,KAAI,WAAW,WAAW,mBAAmB,CAC5C,QAAO,WAAW,MAAM,EAA0B;AAEnD,QAAO;;;;;AAMR,SAAgB,qBAAqB,WAA6B;AACjE,KAAI,CAAC,UAAW,QAAO,EAAE;CAEzB,MAAM,SAAmB,EAAE;CAC3B,IAAI,QAAQ;CACZ,IAAI,IAAI;AAER,QAAO,IAAI,UAAU,QAAQ;AAC5B,MAAI,UAAU,OAAO,KAAK;GACzB,IAAI,IAAI,IAAI;AACZ,UAAO,IAAI,UAAU,UAAU,UAAU,OAAO,IAAK;AACrD,UACC,IAAI,UAAU,UACd,UAAU,OAAO,OACjB,UAAU,OAAO,OACjB,UAAU,OAAO,IAEjB;AAGD,OAAI,IAAI,UAAU,UAAU,UAAU,OAAO,KAAK;IACjD,MAAM,OAAO,UAAU,MAAM,OAAO,EAAE,CAAC,MAAM;AAC7C,QAAI,KAAM,QAAO,KAAK,KAAK;AAC3B,YAAQ,IAAI;AACZ,WAAO,QAAQ,UAAU,UAAU,UAAU,WAAW,IAAK;AAC7D,QAAI;AACJ;;;AAIF;;CAGD,MAAM,OAAO,UAAU,MAAM,MAAM,CAAC,MAAM;AAC1C,KAAI,KAAM,QAAO,KAAK,KAAK;AAE3B,QAAO;;AAGR,SAAgB,qBACf,WACgC;CAChC,MAAM,0BAAU,IAAI,KAA+B;AAGnD,CAFoB,qBAAqB,UAAU,CAEvC,SAAS,iBAAiB;EAErC,MAAM,CAAC,WAAW,GAAG,cADP,aAAa,MAAM,IAAI,CAAC,KAAK,SAAS,KAAK,MAAM,CAAC;EAEhE,MAAM,CAAC,MAAM,GAAG,eAAe,aAAa,IAAI,MAAM,IAAI;EAE1D,MAAM,QAAQ,WAAW,KAAK,IAAI;AAElC,MAAI,CAAC,QAAQ,UAAU,OACtB;EAID,MAAM,UAA4B,EAAE,OADf,MAAM,SAAS,IAAI,GAAG,UAAU,MAAM,GAAG,OACL;AAEzD,aAAW,SAAS,cAAc;GACjC,MAAM,CAAC,UAAU,GAAG,kBAAkB,UAAW,MAAM,IAAI;GAC3D,MAAM,YAAY,eAAe,KAAK,IAAI;GAE1C,MAAM,qBAAqB,SAAU,MAAM,CAAC,aAAa;AAEzD,WAAQ,oBAAR;IACC,KAAK;AACJ,aAAQ,aAAa,YAClB,SAAS,UAAU,MAAM,EAAE,GAAG,GAC9B;AACH;IACD,KAAK;AACJ,aAAQ,UAAU,YAAY,IAAI,KAAK,UAAU,MAAM,CAAC,GAAG;AAC3D;IACD,KAAK;AACJ,aAAQ,SAAS,YAAY,UAAU,MAAM,GAAG;AAChD;IACD,KAAK;AACJ,aAAQ,OAAO,YAAY,UAAU,MAAM,GAAG;AAC9C;IACD,KAAK;AACJ,aAAQ,SAAS;AACjB;IACD,KAAK;AACJ,aAAQ,WAAW;AACnB;IACD,KAAK;AACJ,aAAQ,WAAW,YACf,UAAU,MAAM,CAAC,aAAa,GAC/B;AACH;IACD;AAEC,aAAQ,sBAAsB,YAAY,UAAU,MAAM,GAAG;AAC7D;;IAED;AAEF,UAAQ,IAAI,MAAM,QAAQ;GACzB;AAEF,QAAO;;AAGR,SAAgB,kBAAkB,SAAkB;AACnD,SAAQ,YAAoC;EAC3C,MAAM,kBAAkB,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAClE,MAAI,CAAC,gBACJ;EAGD,MAAM,4BAAY,IAAI,KAAqB;AAG3C,GAD8B,QAAQ,IAAI,SAAS,IAAI,IACjC,MAAM,IAAI,CAAC,SAAS,WAAW;GACpD,MAAM,CAAC,MAAM,GAAG,QAAQ,OAAQ,MAAM,CAAC,MAAM,IAAI;AACjD,OAAI,QAAQ,KAAK,SAAS,EACzB,WAAU,IAAI,MAAM,KAAK,KAAK,IAAI,CAAC;IAEnC;AAGF,EADgB,qBAAqB,gBAAgB,CAC7C,SAAS,OAAO,SAAS;AAChC,aAAU,IAAI,MAAM,MAAM,MAAM;IAC/B;EAEF,MAAM,iBAAiB,MAAM,KAAK,UAAU,SAAS,CAAC,CACpD,KAAK,CAAC,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,CAC1C,KAAK,KAAK;AACZ,UAAQ,IAAI,UAAU,eAAe"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"next-js.mjs","names":[],"sources":["../../src/integrations/next-js.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { setShouldSkipSessionRefresh } from \"../api/state/should-session-refresh\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\nexport function toNextJsHandler(\n\tauth:\n\t\t| {\n\t\t\t\thandler: (request: Request) => Promise<Response>;\n\t\t }\n\t\t| ((request: Request) => Promise<Response>),\n) {\n\tconst handler = async (request: Request) => {\n\t\treturn \"handler\" in auth ? auth.handler(request) : auth(request);\n\t};\n\treturn {\n\t\tGET: handler,\n\t\tPOST: handler,\n\t\tPATCH: handler,\n\t\tPUT: handler,\n\t\tDELETE: handler,\n\t};\n}\n\nexport const nextCookies = () => {\n\treturn {\n\t\tid: \"next-cookies\",\n\t\thooks: {\n\t\t\tbefore: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn ctx.path === \"/get-session\";\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async () => {\n\t\t\t\t\t\t// Detect Server Component by testing if cookies can be modified.\n\t\t\t\t\t\t// In Server Components, `cookies().set()` throws an error.\n\t\t\t\t\t\t// In Server Actions or Route Handlers, it succeeds.\n\t\t\t\t\t\tlet cookieStore: Awaited<\n\t\t\t\t\t\t\tReturnType<typeof import(\"next/headers.js\").cookies>\n\t\t\t\t\t\t>;\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst { cookies } = await import(\"next/headers.js\");\n\t\t\t\t\t\t\tcookieStore = await cookies();\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t// import failed or not in request context\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tcookieStore.set(\"__better-auth-cookie-store\", \"1\", { maxAge: 0 });\n\t\t\t\t\t\t\t// If cookie was set successfully, we should clean up.\n\t\t\t\t\t\t\tcookieStore.delete(\"__better-auth-cookie-store\");\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\tawait setShouldSkipSessionRefresh(true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { cookies } = await import(\"next/headers.js\");\n\t\t\t\t\t\t\tlet cookieHelper: Awaited<ReturnType<typeof cookies>>;\n\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\tcookieHelper = await cookies();\n\t\t\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\t\t\tif (\n\t\t\t\t\t\t\t\t\terror instanceof Error &&\n\t\t\t\t\t\t\t\t\terror.message.startsWith(\n\t\t\t\t\t\t\t\t\t\t\"`cookies` was called outside a request scope.\",\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t\t// If error it means the `cookies` was called outside request scope.\n\t\t\t\t\t\t\t\t\t// NextJS docs on this: https://nextjs.org/docs/messages/next-dynamic-api-wrong-context\n\t\t\t\t\t\t\t\t\t// This often gets called in a monorepo workspace (outside of NextJS),\n\t\t\t\t\t\t\t\t\t// so we will try to catch this suppress it, and ignore using next-cookies.\n\t\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t// If it's an unexpected error, throw it.\n\t\t\t\t\t\t\t\tthrow error;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tcookieHelper.set(key,
|
|
1
|
+
{"version":3,"file":"next-js.mjs","names":[],"sources":["../../src/integrations/next-js.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { setShouldSkipSessionRefresh } from \"../api/state/should-session-refresh\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\nexport function toNextJsHandler(\n\tauth:\n\t\t| {\n\t\t\t\thandler: (request: Request) => Promise<Response>;\n\t\t }\n\t\t| ((request: Request) => Promise<Response>),\n) {\n\tconst handler = async (request: Request) => {\n\t\treturn \"handler\" in auth ? auth.handler(request) : auth(request);\n\t};\n\treturn {\n\t\tGET: handler,\n\t\tPOST: handler,\n\t\tPATCH: handler,\n\t\tPUT: handler,\n\t\tDELETE: handler,\n\t};\n}\n\nexport const nextCookies = () => {\n\treturn {\n\t\tid: \"next-cookies\",\n\t\thooks: {\n\t\t\tbefore: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn ctx.path === \"/get-session\";\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async () => {\n\t\t\t\t\t\t// Detect Server Component by testing if cookies can be modified.\n\t\t\t\t\t\t// In Server Components, `cookies().set()` throws an error.\n\t\t\t\t\t\t// In Server Actions or Route Handlers, it succeeds.\n\t\t\t\t\t\tlet cookieStore: Awaited<\n\t\t\t\t\t\t\tReturnType<typeof import(\"next/headers.js\").cookies>\n\t\t\t\t\t\t>;\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst { cookies } = await import(\"next/headers.js\");\n\t\t\t\t\t\t\tcookieStore = await cookies();\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t// import failed or not in request context\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tcookieStore.set(\"__better-auth-cookie-store\", \"1\", { maxAge: 0 });\n\t\t\t\t\t\t\t// If cookie was set successfully, we should clean up.\n\t\t\t\t\t\t\tcookieStore.delete(\"__better-auth-cookie-store\");\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\tawait setShouldSkipSessionRefresh(true);\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { cookies } = await import(\"next/headers.js\");\n\t\t\t\t\t\t\tlet cookieHelper: Awaited<ReturnType<typeof cookies>>;\n\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\tcookieHelper = await cookies();\n\t\t\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\t\t\tif (\n\t\t\t\t\t\t\t\t\terror instanceof Error &&\n\t\t\t\t\t\t\t\t\terror.message.startsWith(\n\t\t\t\t\t\t\t\t\t\t\"`cookies` was called outside a request scope.\",\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t\t// If error it means the `cookies` was called outside request scope.\n\t\t\t\t\t\t\t\t\t// NextJS docs on this: https://nextjs.org/docs/messages/next-dynamic-api-wrong-context\n\t\t\t\t\t\t\t\t\t// This often gets called in a monorepo workspace (outside of NextJS),\n\t\t\t\t\t\t\t\t\t// so we will try to catch this suppress it, and ignore using next-cookies.\n\t\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t// If it's an unexpected error, throw it.\n\t\t\t\t\t\t\t\tthrow error;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tcookieHelper.set(key, value.value, opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;AAKA,SAAgB,gBACf,MAKC;CACD,MAAM,UAAU,OAAO,YAAqB;AAC3C,SAAO,aAAa,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,QAAQ;;AAEjE,QAAO;EACN,KAAK;EACL,MAAM;EACN,OAAO;EACP,KAAK;EACL,QAAQ;EACR;;AAGF,MAAa,oBAAoB;AAChC,QAAO;EACN,IAAI;EACJ,OAAO;GACN,QAAQ,CACP;IACC,QAAQ,KAAK;AACZ,YAAO,IAAI,SAAS;;IAErB,SAAS,qBAAqB,YAAY;KAIzC,IAAI;AAGJ,SAAI;MACH,MAAM,EAAE,YAAY,MAAM,OAAO;AACjC,oBAAc,MAAM,SAAS;aACtB;AAEP;;AAED,SAAI;AACH,kBAAY,IAAI,8BAA8B,KAAK,EAAE,QAAQ,GAAG,CAAC;AAEjE,kBAAY,OAAO,6BAA6B;aACzC;AACP,YAAM,4BAA4B,KAAK;;MAEvC;IACF,CACD;GACD,OAAO,CACN;IACC,QAAQ,KAAK;AACZ,YAAO;;IAER,SAAS,qBAAqB,OAAO,QAAQ;KAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,SAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,SAAI,oBAAoB,SAAS;MAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,UAAI,CAAC,WAAY;MACjB,MAAM,SAAS,qBAAqB,WAAW;MAC/C,MAAM,EAAE,YAAY,MAAM,OAAO;MACjC,IAAI;AACJ,UAAI;AACH,sBAAe,MAAM,SAAS;eACtB,OAAO;AACf,WACC,iBAAiB,SACjB,MAAM,QAAQ,WACb,gDACA,CAMD;AAGD,aAAM;;AAEP,aAAO,SAAS,OAAO,QAAQ;AAC9B,WAAI,CAAC,IAAK;OACV,MAAM,OAAO;QACZ,UAAU,MAAM;QAChB,QAAQ,MAAM;QACd,QAAQ,MAAM;QACd,UAAU,MAAM;QAChB,QAAQ,MAAM;QACd,MAAM,MAAM;QACZ;AACD,WAAI;AACH,qBAAa,IAAI,KAAK,MAAM,OAAO,KAAK;eACjC;QAGP;AACF;;MAEA;IACF,CACD;GACD;EACD"}
|
|
@@ -37,7 +37,7 @@ const sveltekitCookies = (getRequestEvent) => {
|
|
|
37
37
|
if (!event) return;
|
|
38
38
|
const parsed = parseSetCookieHeader(setCookies);
|
|
39
39
|
for (const [name, { value, ...ops }] of parsed) try {
|
|
40
|
-
event.cookies.set(name,
|
|
40
|
+
event.cookies.set(name, value, {
|
|
41
41
|
sameSite: ops.samesite,
|
|
42
42
|
path: ops.path || "/",
|
|
43
43
|
expires: ops.expires,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"svelte-kit.mjs","names":[],"sources":["../../src/integrations/svelte-kit.ts"],"sourcesContent":["import { createAuthMiddleware } from \"@better-auth/core/api\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { parseSetCookieHeader } from \"../cookies\";\nimport type { BetterAuthOptions, BetterAuthPlugin } from \"../types\";\n\nexport const toSvelteKitHandler = (auth: {\n\thandler: (request: Request) => Response | Promise<Response>;\n\toptions: BetterAuthOptions;\n}) => {\n\treturn (event: { request: Request }) => auth.handler(event.request);\n};\n\nexport const svelteKitHandler = async ({\n\tauth,\n\tevent,\n\tresolve,\n\tbuilding,\n}: {\n\tauth: {\n\t\thandler: (request: Request) => Response | Promise<Response>;\n\t\toptions: BetterAuthOptions;\n\t};\n\tevent: RequestEvent;\n\tresolve: (event: RequestEvent) => Response | Promise<Response>;\n\tbuilding: boolean;\n}) => {\n\tif (building) {\n\t\treturn resolve(event);\n\t}\n\tconst { request, url } = event;\n\tif (isAuthPath(url.toString(), auth.options)) {\n\t\treturn auth.handler(request);\n\t}\n\treturn resolve(event);\n};\n\nexport function isAuthPath(url: string, options: BetterAuthOptions) {\n\tconst _url = new URL(url);\n\tconst baseURLStr =\n\t\ttypeof options.baseURL === \"string\" ? options.baseURL : undefined;\n\tconst baseURL = new URL(\n\t\t`${baseURLStr || _url.origin}${options.basePath || \"/api/auth\"}`,\n\t);\n\tif (_url.origin !== baseURL.origin) return false;\n\tif (\n\t\t!_url.pathname.startsWith(\n\t\t\tbaseURL.pathname.endsWith(\"/\")\n\t\t\t\t? baseURL.pathname\n\t\t\t\t: `${baseURL.pathname}/`,\n\t\t)\n\t)\n\t\treturn false;\n\treturn true;\n}\n\nexport const sveltekitCookies = (\n\tgetRequestEvent: () => RequestEvent<any, any>,\n) => {\n\treturn {\n\t\tid: \"sveltekit-cookies\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher() {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst event = getRequestEvent();\n\t\t\t\t\t\t\tif (!event) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\n\t\t\t\t\t\t\tfor (const [name, { value, ...ops }] of parsed) {\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tevent.cookies.set(name,
|
|
1
|
+
{"version":3,"file":"svelte-kit.mjs","names":[],"sources":["../../src/integrations/svelte-kit.ts"],"sourcesContent":["import { createAuthMiddleware } from \"@better-auth/core/api\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\nimport { parseSetCookieHeader } from \"../cookies\";\nimport type { BetterAuthOptions, BetterAuthPlugin } from \"../types\";\n\nexport const toSvelteKitHandler = (auth: {\n\thandler: (request: Request) => Response | Promise<Response>;\n\toptions: BetterAuthOptions;\n}) => {\n\treturn (event: { request: Request }) => auth.handler(event.request);\n};\n\nexport const svelteKitHandler = async ({\n\tauth,\n\tevent,\n\tresolve,\n\tbuilding,\n}: {\n\tauth: {\n\t\thandler: (request: Request) => Response | Promise<Response>;\n\t\toptions: BetterAuthOptions;\n\t};\n\tevent: RequestEvent;\n\tresolve: (event: RequestEvent) => Response | Promise<Response>;\n\tbuilding: boolean;\n}) => {\n\tif (building) {\n\t\treturn resolve(event);\n\t}\n\tconst { request, url } = event;\n\tif (isAuthPath(url.toString(), auth.options)) {\n\t\treturn auth.handler(request);\n\t}\n\treturn resolve(event);\n};\n\nexport function isAuthPath(url: string, options: BetterAuthOptions) {\n\tconst _url = new URL(url);\n\tconst baseURLStr =\n\t\ttypeof options.baseURL === \"string\" ? options.baseURL : undefined;\n\tconst baseURL = new URL(\n\t\t`${baseURLStr || _url.origin}${options.basePath || \"/api/auth\"}`,\n\t);\n\tif (_url.origin !== baseURL.origin) return false;\n\tif (\n\t\t!_url.pathname.startsWith(\n\t\t\tbaseURL.pathname.endsWith(\"/\")\n\t\t\t\t? baseURL.pathname\n\t\t\t\t: `${baseURL.pathname}/`,\n\t\t)\n\t)\n\t\treturn false;\n\treturn true;\n}\n\nexport const sveltekitCookies = (\n\tgetRequestEvent: () => RequestEvent<any, any>,\n) => {\n\treturn {\n\t\tid: \"sveltekit-cookies\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher() {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst event = getRequestEvent();\n\t\t\t\t\t\t\tif (!event) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\n\t\t\t\t\t\t\tfor (const [name, { value, ...ops }] of parsed) {\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tevent.cookies.set(name, value, {\n\t\t\t\t\t\t\t\t\t\tsameSite: ops.samesite,\n\t\t\t\t\t\t\t\t\t\tpath: ops.path || \"/\",\n\t\t\t\t\t\t\t\t\t\texpires: ops.expires,\n\t\t\t\t\t\t\t\t\t\tsecure: ops.secure,\n\t\t\t\t\t\t\t\t\t\thttpOnly: ops.httponly,\n\t\t\t\t\t\t\t\t\t\tdomain: ops.domain,\n\t\t\t\t\t\t\t\t\t\tmaxAge: ops[\"max-age\"],\n\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will avoid any issue related to already streamed response\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;AAKA,MAAa,sBAAsB,SAG7B;AACL,SAAQ,UAAgC,KAAK,QAAQ,MAAM,QAAQ;;AAGpE,MAAa,mBAAmB,OAAO,EACtC,MACA,OACA,SACA,eASK;AACL,KAAI,SACH,QAAO,QAAQ,MAAM;CAEtB,MAAM,EAAE,SAAS,QAAQ;AACzB,KAAI,WAAW,IAAI,UAAU,EAAE,KAAK,QAAQ,CAC3C,QAAO,KAAK,QAAQ,QAAQ;AAE7B,QAAO,QAAQ,MAAM;;AAGtB,SAAgB,WAAW,KAAa,SAA4B;CACnE,MAAM,OAAO,IAAI,IAAI,IAAI;CACzB,MAAM,aACL,OAAO,QAAQ,YAAY,WAAW,QAAQ,UAAU;CACzD,MAAM,UAAU,IAAI,IACnB,GAAG,cAAc,KAAK,SAAS,QAAQ,YAAY,cACnD;AACD,KAAI,KAAK,WAAW,QAAQ,OAAQ,QAAO;AAC3C,KACC,CAAC,KAAK,SAAS,WACd,QAAQ,SAAS,SAAS,IAAI,GAC3B,QAAQ,WACR,GAAG,QAAQ,SAAS,GACvB,CAED,QAAO;AACR,QAAO;;AAGR,MAAa,oBACZ,oBACI;AACJ,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,UAAU;AACT,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,QAAQ,iBAAiB;AAC/B,SAAI,CAAC,MAAO;KACZ,MAAM,SAAS,qBAAqB,WAAW;AAE/C,UAAK,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,UAAU,OACvC,KAAI;AACH,YAAM,QAAQ,IAAI,MAAM,OAAO;OAC9B,UAAU,IAAI;OACd,MAAM,IAAI,QAAQ;OAClB,SAAS,IAAI;OACb,QAAQ,IAAI;OACZ,UAAU,IAAI;OACd,QAAQ,IAAI;OACZ,QAAQ,IAAI;OACZ,CAAC;aACK;;KAKT;GACF,CACD,EACD;EACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tanstack-start-solid.mjs","names":[],"sources":["../../src/integrations/tanstack-start-solid.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\n/**\n * TanStack Start cookie plugin for Solid.js.\n *\n * This plugin automatically handles cookie setting for TanStack Start with Solid.js.\n * It uses `@tanstack/solid-start-server` to set cookies.\n *\n * For React, use `better-auth/tanstack-start` instead.\n *\n * @example\n * ```ts\n * import { tanstackStartCookies } from \"better-auth/tanstack-start/solid\";\n *\n * const auth = betterAuth({\n * plugins: [tanstackStartCookies()],\n * });\n * ```\n */\nexport const tanstackStartCookies = () => {\n\treturn {\n\t\tid: \"tanstack-start-cookies-solid\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { setCookie } = await import(\n\t\t\t\t\t\t\t\t\"@tanstack/solid-start/server\"\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tsetCookie(key,
|
|
1
|
+
{"version":3,"file":"tanstack-start-solid.mjs","names":[],"sources":["../../src/integrations/tanstack-start-solid.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\n/**\n * TanStack Start cookie plugin for Solid.js.\n *\n * This plugin automatically handles cookie setting for TanStack Start with Solid.js.\n * It uses `@tanstack/solid-start-server` to set cookies.\n *\n * For React, use `better-auth/tanstack-start` instead.\n *\n * @example\n * ```ts\n * import { tanstackStartCookies } from \"better-auth/tanstack-start/solid\";\n *\n * const auth = betterAuth({\n * plugins: [tanstackStartCookies()],\n * });\n * ```\n */\nexport const tanstackStartCookies = () => {\n\treturn {\n\t\tid: \"tanstack-start-cookies-solid\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { setCookie } = await import(\n\t\t\t\t\t\t\t\t\"@tanstack/solid-start/server\"\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tsetCookie(key, value.value, opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,6BAA6B;AACzC,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,QAAQ,KAAK;AACZ,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,SAAS,qBAAqB,WAAW;KAC/C,MAAM,EAAE,cAAc,MAAM,OAC3B;AAED,YAAO,SAAS,OAAO,QAAQ;AAC9B,UAAI,CAAC,IAAK;MACV,MAAM,OAAO;OACZ,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,QAAQ,MAAM;OACd,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,MAAM,MAAM;OACZ;AACD,UAAI;AACH,iBAAU,KAAK,MAAM,OAAO,KAAK;cAC1B;OAGP;AACF;;KAEA;GACF,CACD,EACD;EACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tanstack-start.mjs","names":[],"sources":["../../src/integrations/tanstack-start.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\n/**\n * TanStack Start cookie plugin for React.\n *\n * This plugin automatically handles cookie setting for TanStack Start with React.\n * It uses `@tanstack/react-start-server` to set cookies.\n *\n * For Solid.js, use `better-auth/tanstack-start/solid` instead.\n *\n * @example\n * ```ts\n * import { tanstackStartCookies } from \"better-auth/tanstack-start\";\n *\n * const auth = betterAuth({\n * plugins: [tanstackStartCookies()],\n * });\n * ```\n */\nexport const tanstackStartCookies = () => {\n\treturn {\n\t\tid: \"tanstack-start-cookies\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { setCookie } = await import(\n\t\t\t\t\t\t\t\t\"@tanstack/react-start/server\"\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tsetCookie(key,
|
|
1
|
+
{"version":3,"file":"tanstack-start.mjs","names":[],"sources":["../../src/integrations/tanstack-start.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { parseSetCookieHeader } from \"../cookies\";\n\n/**\n * TanStack Start cookie plugin for React.\n *\n * This plugin automatically handles cookie setting for TanStack Start with React.\n * It uses `@tanstack/react-start-server` to set cookies.\n *\n * For Solid.js, use `better-auth/tanstack-start/solid` instead.\n *\n * @example\n * ```ts\n * import { tanstackStartCookies } from \"better-auth/tanstack-start\";\n *\n * const auth = betterAuth({\n * plugins: [tanstackStartCookies()],\n * });\n * ```\n */\nexport const tanstackStartCookies = () => {\n\treturn {\n\t\tid: \"tanstack-start-cookies\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = ctx.context.responseHeaders;\n\t\t\t\t\t\tif (\"_flag\" in ctx && ctx._flag === \"router\") {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif (returned instanceof Headers) {\n\t\t\t\t\t\t\tconst setCookies = returned?.get(\"set-cookie\");\n\t\t\t\t\t\t\tif (!setCookies) return;\n\t\t\t\t\t\t\tconst parsed = parseSetCookieHeader(setCookies);\n\t\t\t\t\t\t\tconst { setCookie } = await import(\n\t\t\t\t\t\t\t\t\"@tanstack/react-start/server\"\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tparsed.forEach((value, key) => {\n\t\t\t\t\t\t\t\tif (!key) return;\n\t\t\t\t\t\t\t\tconst opts = {\n\t\t\t\t\t\t\t\t\tsameSite: value.samesite,\n\t\t\t\t\t\t\t\t\tsecure: value.secure,\n\t\t\t\t\t\t\t\t\tmaxAge: value[\"max-age\"],\n\t\t\t\t\t\t\t\t\thttpOnly: value.httponly,\n\t\t\t\t\t\t\t\t\tdomain: value.domain,\n\t\t\t\t\t\t\t\t\tpath: value.path,\n\t\t\t\t\t\t\t\t} as const;\n\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\tsetCookie(key, value.value, opts);\n\t\t\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t\t\t// this will fail if the cookie is being set on server component\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,6BAA6B;AACzC,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,QAAQ,KAAK;AACZ,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,IAAI,QAAQ;AAC7B,QAAI,WAAW,OAAO,IAAI,UAAU,SACnC;AAED,QAAI,oBAAoB,SAAS;KAChC,MAAM,aAAa,UAAU,IAAI,aAAa;AAC9C,SAAI,CAAC,WAAY;KACjB,MAAM,SAAS,qBAAqB,WAAW;KAC/C,MAAM,EAAE,cAAc,MAAM,OAC3B;AAED,YAAO,SAAS,OAAO,QAAQ;AAC9B,UAAI,CAAC,IAAK;MACV,MAAM,OAAO;OACZ,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,QAAQ,MAAM;OACd,UAAU,MAAM;OAChB,QAAQ,MAAM;OACd,MAAM,MAAM;OACZ;AACD,UAAI;AACH,iBAAU,KAAK,MAAM,OAAO,KAAK;cAC1B;OAGP;AACF;;KAEA;GACF,CACD,EACD;EACD"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { AccessControl, Role, Statements, SubArray, Subset } from "./types.mjs";
|
|
1
|
+
import { AccessControl, ArrayElement, Role, Statements, SubArray, Subset } from "./types.mjs";
|
|
2
2
|
import { AuthorizeResponse, createAccessControl, role } from "./access.mjs";
|
|
3
|
-
export { AccessControl, AuthorizeResponse, Role, Statements, SubArray, Subset, createAccessControl, role };
|
|
3
|
+
export { AccessControl, ArrayElement, AuthorizeResponse, Role, Statements, SubArray, Subset, createAccessControl, role };
|
|
@@ -2,6 +2,7 @@ import { AuthorizeResponse, createAccessControl } from "./access.mjs";
|
|
|
2
2
|
import { LiteralString } from "@better-auth/core";
|
|
3
3
|
|
|
4
4
|
//#region src/plugins/access/types.d.ts
|
|
5
|
+
type ArrayElement<T> = T extends readonly (infer E)[] ? E : never;
|
|
5
6
|
type SubArray<T extends unknown[] | readonly unknown[] | any[]> = T[number][] | ReadonlyArray<T[number]>;
|
|
6
7
|
type Subset<K extends keyof R, R extends Record<string | LiteralString, readonly string[] | readonly LiteralString[]>> = { [P in K]: SubArray<R[P]> };
|
|
7
8
|
type Statements = {
|
|
@@ -13,5 +14,5 @@ type Role<TStatements extends Statements = Record<string, any>> = {
|
|
|
13
14
|
statements: TStatements;
|
|
14
15
|
};
|
|
15
16
|
//#endregion
|
|
16
|
-
export { AccessControl, Role, Statements, SubArray, Subset };
|
|
17
|
+
export { AccessControl, ArrayElement, Role, Statements, SubArray, Subset };
|
|
17
18
|
//# sourceMappingURL=types.d.mts.map
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AccessControl, Statements } from "../access/types.mjs";
|
|
1
|
+
import { AccessControl, ArrayElement, Statements } from "../access/types.mjs";
|
|
2
2
|
import { AdminOptions, InferAdminRolesFromOption, SessionWithImpersonatedBy, UserWithRole } from "./types.mjs";
|
|
3
3
|
import "../index.mjs";
|
|
4
4
|
import * as _better_auth_core0 from "@better-auth/core";
|
|
@@ -831,10 +831,10 @@ declare const admin: <O extends AdminOptions>(options?: O | undefined) => {
|
|
|
831
831
|
})]?: ((O["ac"] extends AccessControl<infer S extends Statements> ? S : {
|
|
832
832
|
readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
|
|
833
833
|
readonly session: readonly ["list", "revoke", "delete"];
|
|
834
|
-
})[key] extends readonly unknown[] ? (O["ac"] extends AccessControl<infer S extends Statements> ? S : {
|
|
834
|
+
})[key] extends readonly unknown[] ? ArrayElement<(O["ac"] extends AccessControl<infer S extends Statements> ? S : {
|
|
835
835
|
readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
|
|
836
836
|
readonly session: readonly ["list", "revoke", "delete"];
|
|
837
|
-
})[key]
|
|
837
|
+
})[key]> : never)[] | undefined };
|
|
838
838
|
} & {
|
|
839
839
|
userId?: string | undefined;
|
|
840
840
|
role?: InferAdminRolesFromOption<O> | undefined;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AccessControl, Role, Statements } from "../access/types.mjs";
|
|
1
|
+
import { AccessControl, ArrayElement, Role, Statements } from "../access/types.mjs";
|
|
2
2
|
import "../access/index.mjs";
|
|
3
3
|
import { AdminOptions, InferAdminRolesFromOption, SessionWithImpersonatedBy, UserWithRole } from "./types.mjs";
|
|
4
4
|
import { admin } from "./admin.mjs";
|
|
@@ -34,10 +34,10 @@ declare const adminClient: <O extends AdminClientOptions>(options?: O | undefine
|
|
|
34
34
|
})]?: ((O["ac"] extends AccessControl<infer S extends Statements> ? S : {
|
|
35
35
|
readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
|
|
36
36
|
readonly session: readonly ["list", "revoke", "delete"];
|
|
37
|
-
})[key] extends readonly unknown[] ? (O["ac"] extends AccessControl<infer S extends Statements> ? S : {
|
|
37
|
+
})[key] extends readonly unknown[] ? ArrayElement<(O["ac"] extends AccessControl<infer S extends Statements> ? S : {
|
|
38
38
|
readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
|
|
39
39
|
readonly session: readonly ["list", "revoke", "delete"];
|
|
40
|
-
})[key]
|
|
40
|
+
})[key]> : never)[] | undefined };
|
|
41
41
|
} & {
|
|
42
42
|
role: R;
|
|
43
43
|
}) => boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/admin/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { AccessControl, Role } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { adminAc, userAc } from \"./access\";\nimport type { admin } from \"./admin\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\n\nexport * from \"./error-codes\";\n\ninterface AdminClientOptions {\n\tac?: AccessControl | undefined;\n\troles?:\n\t\t| {\n\t\t\t\t[key in string]: Role;\n\t\t }\n\t\t| undefined;\n}\n\nexport const adminClient = <O extends AdminClientOptions>(\n\toptions?: O | undefined,\n) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key]
|
|
1
|
+
{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/admin/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { AccessControl, ArrayElement, Role } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { adminAc, userAc } from \"./access\";\nimport type { admin } from \"./admin\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\n\nexport * from \"./error-codes\";\n\ninterface AdminClientOptions {\n\tac?: AccessControl | undefined;\n\troles?:\n\t\t| {\n\t\t\t\t[key in string]: Role;\n\t\t }\n\t\t| undefined;\n}\n\nexport const adminClient = <O extends AdminClientOptions>(\n\toptions?: O | undefined,\n) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? ArrayElement<Statements[key]>\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\tconst roles = {\n\t\tadmin: adminAc,\n\t\tuser: userAc,\n\t\t...options?.roles,\n\t};\n\n\treturn {\n\t\tid: \"admin-client\",\n\t\t$InferServerPlugin: {} as ReturnType<\n\t\t\ttypeof admin<{\n\t\t\t\tac: O[\"ac\"] extends AccessControl\n\t\t\t\t\t? O[\"ac\"]\n\t\t\t\t\t: AccessControl<DefaultStatements>;\n\t\t\t\troles: O[\"roles\"] extends Record<string, Role>\n\t\t\t\t\t? O[\"roles\"]\n\t\t\t\t\t: {\n\t\t\t\t\t\t\tadmin: Role;\n\t\t\t\t\t\t\tuser: Role;\n\t\t\t\t\t\t};\n\t\t\t}>\n\t\t>,\n\t\tgetActions: () => ({\n\t\t\tadmin: {\n\t\t\t\tcheckRolePermission: <\n\t\t\t\t\tR extends O extends { roles: any }\n\t\t\t\t\t\t? keyof O[\"roles\"]\n\t\t\t\t\t\t: \"admin\" | \"user\",\n\t\t\t\t>(\n\t\t\t\t\tdata: PermissionExclusive & {\n\t\t\t\t\t\trole: R;\n\t\t\t\t\t},\n\t\t\t\t) => {\n\t\t\t\t\tconst isAuthorized = hasPermission({\n\t\t\t\t\t\trole: data.role as string,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tac: options?.ac,\n\t\t\t\t\t\t\troles: roles,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermissions: data.permissions as any,\n\t\t\t\t\t});\n\t\t\t\t\treturn isAuthorized;\n\t\t\t\t},\n\t\t\t},\n\t\t}),\n\t\tpathMethods: {\n\t\t\t\"/admin/list-users\": \"GET\",\n\t\t\t\"/admin/stop-impersonating\": \"POST\",\n\t\t},\n\t\t$ERROR_CODES: ADMIN_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport type * from \"./types\";\n"],"mappings":";;;;;;AAmBA,MAAa,eACZ,YACI;CAeJ,MAAM,QAAQ;EACb,OAAO;EACP,MAAM;EACN,GAAG,SAAS;EACZ;AAED,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAatB,mBAAmB,EAClB,OAAO,EACN,sBAKC,SAGI;AASJ,UARqB,cAAc;IAClC,MAAM,KAAK;IACX,SAAS;KACR,IAAI,SAAS;KACN;KACP;IACD,aAAa,KAAK;IAClB,CAAC;KAGH,EACD;EACD,aAAa;GACZ,qBAAqB;GACrB,6BAA6B;GAC7B;EACD,cAAc;EACd"}
|