better-auth 1.5.1 → 1.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1 +1 @@
1
- {"version":3,"file":"routes.mjs","names":[],"sources":["../../../src/plugins/admin/routes.ts"],"sourcesContent":["import {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport type { Session } from \"@better-auth/core/db\";\nimport type { Where } from \"@better-auth/core/db/adapter\";\nimport { whereOperators } from \"@better-auth/core/db/adapter\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport {\n\tdeleteSessionCookie,\n\texpireCookie,\n\tsetSessionCookie,\n} from \"../../cookies\";\nimport { parseSessionOutput, parseUserOutput } from \"../../db/schema\";\nimport { getDate } from \"../../utils/date\";\nimport type { AccessControl } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport type {\n\tAdminOptions,\n\tInferAdminRolesFromOption,\n\tSessionWithImpersonatedBy,\n\tUserWithRole,\n} from \"./types\";\n\n/**\n * Ensures a valid session, if not will throw.\n * Will also provide additional types on the user to include role types.\n */\nconst adminMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session) {\n\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t}\n\treturn {\n\t\tsession,\n\t} as {\n\t\tsession: {\n\t\t\tuser: UserWithRole;\n\t\t\tsession: Session;\n\t\t};\n\t};\n});\n\nfunction parseRoles(roles: string | string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nconst setRoleBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role to set. `admin` or `user` by default\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles to set. `admin` or `user` by default\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"The role to set, this can be a string or an array of strings. Eg: `admin` or `[admin, user]`\",\n\t\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/set-role`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.setRole`\n *\n * **client:**\n * `authClient.admin.setRole`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-role)\n */\nexport const setRole = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setRoleBodySchema,\n\t\t\trequireHeaders: true,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserRole\",\n\t\t\t\t\tsummary: \"Set the role of a user\",\n\t\t\t\t\tdescription: \"Set the role of a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User role updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\tuserId: string;\n\t\t\t\t\t\trole: InferAdminRolesFromOption<O> | InferAdminRolesFromOption<O>[];\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetRole = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetRole) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst roles = opts.roles;\n\t\t\tif (roles) {\n\t\t\t\tconst inputRoles = Array.isArray(ctx.body.role)\n\t\t\t\t\t? ctx.body.role\n\t\t\t\t\t: [ctx.body.role];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (!roles[role as keyof typeof roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\trole: parseRoles(ctx.body.role),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst getUserQuerySchema = z.object({\n\tid: z.string().meta({\n\t\tdescription: \"The id of the User\",\n\t}),\n});\n\nexport const getUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/get-user\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tquery: getUserQuerySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"getUser\",\n\t\t\t\t\tsummary: \"Get an existing user\",\n\t\t\t\t\tdescription: \"Get an existing user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { id } = ctx.query;\n\n\t\t\tconst canGetUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"get\"],\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (!canGetUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_USER,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(id);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\treturn parseUserOutput(ctx.context.options, user) as UserWithRole;\n\t\t},\n\t);\n\nconst createUserBodySchema = z.object({\n\temail: z.string().meta({\n\t\tdescription: \"The email of the user\",\n\t}),\n\tpassword: z.string().optional().meta({\n\t\tdescription:\n\t\t\t\"The password of the user. If not provided, the user will be created without a credential account (useful for magic link or social login only users).\",\n\t}),\n\tname: z.string().meta({\n\t\tdescription: \"The name of the user\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role of the user\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles of user\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.optional()\n\t\t.meta({\n\t\t\tdescription: `A string or array of strings representing the roles to apply to the new user. Eg: \\\"user\\\"`,\n\t\t}),\n\t/**\n\t * extra fields for user\n\t */\n\tdata: z.record(z.string(), z.any()).optional().meta({\n\t\tdescription:\n\t\t\t\"Extra fields for the user. Including custom additional fields.\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/create-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.createUser`\n *\n * **client:**\n * `authClient.admin.createUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-create-user)\n */\nexport const createUser = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/create-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: createUserBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"createUser\",\n\t\t\t\t\tsummary: \"Create a new user\",\n\t\t\t\t\tdescription: \"Create a new user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword?: string | undefined;\n\t\t\t\t\t\tname: string;\n\t\t\t\t\t\trole?:\n\t\t\t\t\t\t\t| (InferAdminRolesFromOption<O> | InferAdminRolesFromOption<O>[])\n\t\t\t\t\t\t\t| undefined;\n\t\t\t\t\t\tdata?: Record<string, any> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<{ role: string }>(ctx);\n\t\t\tif (!session && (ctx.request || ctx.headers)) {\n\t\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (session) {\n\t\t\t\tconst canCreateUser = hasPermission({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\trole: session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"create\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canCreateUser) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst email = ctx.body.email.toLowerCase();\n\t\t\tconst isValidEmail = z.email().safeParse(email);\n\t\t\tif (!isValidEmail.success) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t}\n\n\t\t\tconst existUser =\n\t\t\t\tawait ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (existUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.createUser<UserWithRole>({\n\t\t\t\temail: email,\n\t\t\t\tname: ctx.body.name,\n\t\t\t\trole:\n\t\t\t\t\t(ctx.body.role && parseRoles(ctx.body.role)) ??\n\t\t\t\t\topts?.defaultRole ??\n\t\t\t\t\t\"user\",\n\t\t\t\t...ctx.body.data,\n\t\t\t});\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\t// Only create credential account if password is provided\n\t\t\tif (ctx.body.password) {\n\t\t\t\tconst hashedPassword = await ctx.context.password.hash(\n\t\t\t\t\tctx.body.password,\n\t\t\t\t);\n\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tproviderId: \"credential\",\n\t\t\t\t\tpassword: hashedPassword,\n\t\t\t\t\tuserId: user.id,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst adminUpdateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\tdata: z.record(z.any(), z.any()).meta({\n\t\tdescription: \"The user data to update\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/update-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.adminUpdateUser`\n *\n * **client:**\n * `authClient.admin.updateUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-update-user)\n */\nexport const adminUpdateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/update-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: adminUpdateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"updateUser\",\n\t\t\t\t\tsummary: \"Update a user\",\n\t\t\t\t\tdescription: \"Update a user's details\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canUpdateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"update\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canUpdateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (Object.keys(ctx.body.data).length === 0) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ADMIN_ERROR_CODES.NO_DATA_TO_UPDATE);\n\t\t\t}\n\n\t\t\t// Role changes must be guarded by `user:set-role` and validated against the role allow-list.\n\t\t\tif (Object.prototype.hasOwnProperty.call(ctx.body.data, \"role\")) {\n\t\t\t\tconst canSetRole = hasPermission({\n\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canSetRole) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst roleValue = (ctx.body.data as Record<string, any>).role;\n\t\t\t\tconst inputRoles = Array.isArray(roleValue) ? roleValue : [roleValue];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (typeof role !== \"string\") {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.INVALID_ROLE_TYPE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tif (opts.roles && !opts.roles[role as keyof typeof opts.roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t(ctx.body.data as Record<string, any>).role = parseRoles(\n\t\t\t\t\tinputRoles as string[],\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\tctx.body.data,\n\t\t\t);\n\n\t\t\treturn ctx.json(\n\t\t\t\tparseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t);\n\t\t},\n\t);\n\nconst listUsersQuerySchema = z.object({\n\tsearchValue: z.string().optional().meta({\n\t\tdescription: 'The value to search for. Eg: \"some name\"',\n\t}),\n\tsearchField: z\n\t\t.enum([\"email\", \"name\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The field to search in, defaults to email. Can be `email` or `name`. Eg: \"name\"',\n\t\t})\n\t\t.optional(),\n\tsearchOperator: z\n\t\t.enum([\"contains\", \"starts_with\", \"ends_with\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The operator to use for the search. Can be `contains`, `starts_with` or `ends_with`. Eg: \"contains\"',\n\t\t})\n\t\t.optional(),\n\tlimit: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The number of users to return\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\toffset: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The offset to start from\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\tsortBy: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to sort by\",\n\t\t})\n\t\t.optional(),\n\tsortDirection: z\n\t\t.enum([\"asc\", \"desc\"])\n\t\t.meta({\n\t\t\tdescription: \"The direction to sort by\",\n\t\t})\n\t\t.optional(),\n\tfilterField: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to filter by\",\n\t\t})\n\t\t.optional(),\n\tfilterValue: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The value to filter by\",\n\t\t})\n\t\t.or(z.number())\n\t\t.or(z.boolean())\n\t\t.or(z.array(z.string()))\n\t\t.or(z.array(z.number()))\n\t\t.optional(),\n\tfilterOperator: z\n\t\t.enum(whereOperators)\n\t\t.meta({\n\t\t\tdescription: \"The operator to use for the filter\",\n\t\t})\n\t\t.optional(),\n});\n\nexport const listUsers = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-users\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tquery: listUsersQuerySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUsers\",\n\t\t\t\t\tsummary: \"List users\",\n\t\t\t\t\tdescription: \"List users\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of users\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tusers: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\ttotal: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tlimit: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\toffset: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"users\", \"total\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListUsers = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListUsers) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst where: Where[] = [];\n\n\t\t\tif (ctx.query?.searchValue) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.searchField || \"email\",\n\t\t\t\t\toperator: ctx.query.searchOperator || \"contains\",\n\t\t\t\t\tvalue: ctx.query.searchValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (ctx.query?.filterValue !== undefined) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.filterField || \"email\",\n\t\t\t\t\toperator: ctx.query.filterOperator || \"eq\",\n\t\t\t\t\tvalue: ctx.query.filterValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst users = await ctx.context.internalAdapter.listUsers(\n\t\t\t\t\tNumber(ctx.query?.limit) || undefined,\n\t\t\t\t\tNumber(ctx.query?.offset) || undefined,\n\t\t\t\t\tctx.query?.sortBy\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tfield: ctx.query.sortBy,\n\t\t\t\t\t\t\t\tdirection: ctx.query.sortDirection || \"asc\",\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: undefined,\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\tconst total = await ctx.context.internalAdapter.countTotalUsers(\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: users.map((user) =>\n\t\t\t\t\t\tparseUserOutput(ctx.context.options, user),\n\t\t\t\t\t) as UserWithRole[],\n\t\t\t\t\ttotal: total,\n\t\t\t\t\tlimit: Number(ctx.query?.limit) || undefined,\n\t\t\t\t\toffset: Number(ctx.query?.offset) || undefined,\n\t\t\t\t});\n\t\t\t} catch {\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: [] as UserWithRole[],\n\t\t\t\t\ttotal: 0,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t);\n\nconst listUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/list-user-sessions`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.listUserSessions`\n *\n * **client:**\n * `authClient.admin.listUserSessions`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-list-user-sessions)\n */\nexport const listUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tbody: listUserSessionsBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUserSessions\",\n\t\t\t\t\tsummary: \"List user sessions\",\n\t\t\t\t\tdescription: \"List user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of user sessions\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsessions: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListSessions = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListSessions) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst sessions: SessionWithImpersonatedBy[] =\n\t\t\t\tawait ctx.context.internalAdapter.listSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsessions: sessions.map((s) =>\n\t\t\t\t\tparseSessionOutput(ctx.context.options, s),\n\t\t\t\t),\n\t\t\t});\n\t\t},\n\t);\n\nconst unbanUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/unban-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.unbanUser`\n *\n * **client:**\n * `authClient.admin.unbanUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-unban-user)\n */\nexport const unbanUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/unban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: unbanUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"unbanUser\",\n\t\t\t\t\tsummary: \"Unban a user\",\n\t\t\t\t\tdescription: \"Unban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User unbanned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: false,\n\t\t\t\t\tbanExpires: null,\n\t\t\t\t\tbanReason: null,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst banUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\t/**\n\t * Reason for the ban\n\t */\n\tbanReason: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The reason for the ban\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Number of seconds until the ban expires\n\t */\n\tbanExpiresIn: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The number of seconds until the ban expires\",\n\t\t})\n\t\t.optional(),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/ban-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.banUser`\n *\n * **client:**\n * `authClient.admin.banUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-ban-user)\n */\nexport const banUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/ban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: banUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"banUser\",\n\t\t\t\t\tsummary: \"Ban a user\",\n\t\t\t\t\tdescription: \"Ban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User banned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst foundUser = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!foundUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_BAN_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: true,\n\t\t\t\t\tbanReason:\n\t\t\t\t\t\tctx.body.banReason || opts?.defaultBanReason || \"No reason\",\n\t\t\t\t\tbanExpires: ctx.body.banExpiresIn\n\t\t\t\t\t\t? getDate(ctx.body.banExpiresIn, \"sec\")\n\t\t\t\t\t\t: opts?.defaultBanExpiresIn\n\t\t\t\t\t\t\t? getDate(opts.defaultBanExpiresIn, \"sec\")\n\t\t\t\t\t\t\t: undefined,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\t//revoke all sessions\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst impersonateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/impersonate-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.impersonateUser`\n *\n * **client:**\n * `authClient.admin.impersonateUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-impersonate-user)\n */\nexport const impersonateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/impersonate-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: impersonateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"impersonateUser\",\n\t\t\t\t\tsummary: \"Impersonate a user\",\n\t\t\t\t\tdescription: \"Impersonate a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Impersonation session created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canImpersonateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"impersonate\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canImpersonateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst targetUser = (await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t)) as UserWithRole | null;\n\n\t\t\tif (!targetUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tconst adminRoles = (\n\t\t\t\tArray.isArray(opts.adminRoles)\n\t\t\t\t\t? opts.adminRoles\n\t\t\t\t\t: opts.adminRoles?.split(\",\") || []\n\t\t\t).map((role) => role.trim());\n\t\t\tconst targetUserRole = (\n\t\t\t\ttargetUser.role ||\n\t\t\t\topts.defaultRole ||\n\t\t\t\t\"user\"\n\t\t\t).split(\",\");\n\t\t\tconst isTargetAdmin =\n\t\t\t\ttargetUserRole.some((role) => adminRoles.includes(role)) ||\n\t\t\t\t!!opts.adminUserIds?.includes(targetUser.id);\n\t\t\tif (isTargetAdmin) {\n\t\t\t\tconst canImpersonateAdmins =\n\t\t\t\t\topts.allowImpersonatingAdmins === true ||\n\t\t\t\t\thasPermission({\n\t\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\t\toptions: opts,\n\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\tuser: [\"impersonate-admins\"],\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\tif (!canImpersonateAdmins) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_IMPERSONATE_ADMINS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\ttargetUser.id,\n\t\t\t\ttrue,\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: ctx.context.session.user.id,\n\t\t\t\t\texpiresAt: opts?.impersonationSessionDuration\n\t\t\t\t\t\t? getDate(opts.impersonationSessionDuration, \"sec\")\n\t\t\t\t\t\t: getDate(60 * 60, \"sec\"), // 1 hour\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authCookies = ctx.context.authCookies;\n\t\t\tdeleteSessionCookie(ctx);\n\t\t\tconst dontRememberMeCookie = await ctx.getSignedCookie(\n\t\t\t\tctx.context.authCookies.dontRememberToken.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\t\t\tconst adminCookieProp = ctx.context.createAuthCookie(\"admin_session\");\n\t\t\tawait ctx.setSignedCookie(\n\t\t\t\tadminCookieProp.name,\n\t\t\t\t`${ctx.context.session.session.token}:${dontRememberMeCookie || \"\"}`,\n\t\t\t\tctx.context.secret,\n\t\t\t\tauthCookies.sessionToken.attributes,\n\t\t\t);\n\t\t\tawait setSessionCookie(\n\t\t\t\tctx,\n\t\t\t\t{\n\t\t\t\t\tsession: session,\n\t\t\t\t\tuser: targetUser,\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: session,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, targetUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\n/**\n * ### Endpoint\n *\n * POST `/admin/stop-impersonating`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.stopImpersonating`\n *\n * **client:**\n * `authClient.admin.stopImpersonating`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-stop-impersonating)\n */\nexport const stopImpersonating = () =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/stop-impersonating\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<\n\t\t\t\t{},\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: string;\n\t\t\t\t}\n\t\t\t>(ctx);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session.session.impersonatedBy) {\n\t\t\t\tthrow APIError.fromStatus(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"You are not impersonating anyone\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tsession.session.impersonatedBy,\n\t\t\t);\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find user\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst adminSessionCookie = ctx.context.createAuthCookie(\"admin_session\");\n\n\t\t\tconst adminCookie = await ctx.getSignedCookie(\n\t\t\t\tadminSessionCookie.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\n\t\t\tif (!adminCookie) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst [adminSessionToken, dontRememberMeCookie] = adminCookie?.split(\":\");\n\t\t\tconst adminSession = await ctx.context.internalAdapter.findSession(\n\t\t\t\tadminSessionToken!,\n\t\t\t);\n\t\t\tif (!adminSession || adminSession.session.userId !== user.id) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait ctx.context.internalAdapter.deleteSession(session.session.token);\n\t\t\tawait setSessionCookie(ctx, adminSession, !!dontRememberMeCookie);\n\t\t\texpireCookie(ctx, adminSessionCookie);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: parseSessionOutput(ctx.context.options, adminSession.session),\n\t\t\t\tuser: parseUserOutput(ctx.context.options, adminSession.user),\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionBodySchema = z.object({\n\tsessionToken: z.string().meta({\n\t\tdescription: \"The session token\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/revoke-user-session`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.revokeUserSession`\n *\n * **client:**\n * `authClient.admin.revokeUserSession`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-session)\n */\nexport const revokeUserSession = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-session\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSession\",\n\t\t\t\t\tsummary: \"Revoke a user session\",\n\t\t\t\t\tdescription: \"Revoke a user session\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Session revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSession(ctx.body.sessionToken);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/revoke-user-sessions`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.revokeUserSessions`\n *\n * **client:**\n * `authClient.admin.revokeUserSessions`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-sessions)\n */\nexport const revokeUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionsBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSessions\",\n\t\t\t\t\tsummary: \"Revoke all user sessions\",\n\t\t\t\t\tdescription: \"Revoke all user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Sessions revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst removeUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/remove-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.removeUser`\n *\n * **client:**\n * `authClient.admin.removeUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-remove-user)\n */\nexport const removeUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/remove-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: removeUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"removeUser\",\n\t\t\t\t\tsummary: \"Remove a user\",\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Delete a user and all their sessions and accounts. Cannot be undone.\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User removed\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canDeleteUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"delete\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canDeleteUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_REMOVE_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteUser(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst setUserPasswordBodySchema = z.object({\n\tnewPassword: z.string().nonempty(\"newPassword cannot be empty\").meta({\n\t\tdescription: \"The new password\",\n\t}),\n\tuserId: z.coerce.string().nonempty(\"userId cannot be empty\").meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/set-user-password`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.setUserPassword`\n *\n * **client:**\n * `authClient.admin.setUserPassword`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-user-password)\n */\nexport const setUserPassword = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-user-password\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setUserPasswordBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserPassword\",\n\t\t\t\t\tsummary: \"Set a user's password\",\n\t\t\t\t\tdescription: \"Set a user's password\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Password set\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetUserPassword = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-password\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetUserPassword) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { newPassword, userId } = ctx.body;\n\t\t\tconst minPasswordLength = ctx.context.password.config.minPasswordLength;\n\t\t\tif (newPassword.length < minPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);\n\t\t\t}\n\t\t\tconst maxPasswordLength = ctx.context.password.config.maxPasswordLength;\n\t\t\tif (newPassword.length > maxPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too long\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_LONG);\n\t\t\t}\n\t\t\tconst hashedPassword = await ctx.context.password.hash(newPassword);\n\t\t\tawait ctx.context.internalAdapter.updatePassword(userId, hashedPassword);\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst userHasPermissionBodySchema = z\n\t.object({\n\t\tuserId: z.coerce.string().optional().meta({\n\t\t\tdescription: `The user id. Eg: \"user-id\"`,\n\t\t}),\n\t\trole: z.string().optional().meta({\n\t\t\tdescription: `The role to check permission for. Eg: \"admin\"`,\n\t\t}),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\n/**\n * ### Endpoint\n *\n * POST `/admin/has-permission`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.userHasPermission`\n *\n * **client:**\n * `authClient.admin.hasPermission`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-has-permission)\n */\nexport const userHasPermission = <O extends AdminOptions>(opts: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key][number]\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\treturn createAuthEndpoint(\n\t\t\"/admin/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: userHasPermissionBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\tuserId?: string | undefined;\n\t\t\t\t\t\trole?: InferAdminRolesFromOption<O> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!ctx.body?.permissions) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"invalid permission check. no permission(s) were passed.\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst session = await getSessionFromCtx(ctx);\n\n\t\t\tif (!session && (ctx.request || ctx.headers)) {\n\t\t\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session && !ctx.body.userId && !ctx.body.role) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user id or role is required\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user =\n\t\t\t\tsession?.user ||\n\t\t\t\t(ctx.body.role\n\t\t\t\t\t? { id: ctx.body.userId || \"\", role: ctx.body.role }\n\t\t\t\t\t: null) ||\n\t\t\t\t(ctx.body.userId\n\t\t\t\t\t? ((await ctx.context.internalAdapter.findUserById(\n\t\t\t\t\t\t\tctx.body.userId as string,\n\t\t\t\t\t\t)) as { role?: string | undefined; id: string })\n\t\t\t\t\t: null);\n\t\t\tif (!user) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user not found\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst result = hasPermission({\n\t\t\t\tuserId: user.id,\n\t\t\t\trole: user.role,\n\t\t\t\toptions: opts as AdminOptions,\n\t\t\t\tpermissions: ctx.body.permissions as any,\n\t\t\t});\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAgCA,MAAM,kBAAkB,qBAAqB,OAAO,QAAQ;CAC3D,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,QAAO,EACN,SACA;EAMA;AAEF,SAAS,WAAW,OAAkC;AACrD,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAGjD,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,iDACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,kDACb,CAAC,CACF,CACD,CAAC,CACD,KAAK,EACL,aACC,gGACD,CAAC;CACH,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAmC,SAC/C,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,gBAAgB;CAChB,KAAK,CAAC,gBAAgB;CACtB,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EAIR;EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAEF,MAAM,QAAQ,KAAK;AACnB,KAAI,OAAO;EACV,MAAM,aAAa,MAAM,QAAQ,IAAI,KAAK,KAAK,GAC5C,IAAI,KAAK,OACT,CAAC,IAAI,KAAK,KAAK;AAClB,OAAK,MAAM,QAAQ,WAClB,KAAI,CAAC,MAAM,MACV,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;CAIJ,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,EACC,MAAM,WAAW,IAAI,KAAK,KAAK,EAC/B,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY,EACvD,CAAC;EAEH;AAEF,MAAM,qBAAqB,EAAE,OAAO,EACnC,IAAI,EAAE,QAAQ,CAAC,KAAK,EACnB,aAAa,sBACb,CAAC,EACF,CAAC;AAEF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,OAAO;CACP,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,OAAO,IAAI;AAWnB,KAAI,CATe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAGD,OAAM,SAAS,KACd,aACA,kBAAkB,gCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAAa,GAAG;AAE/D,KAAI,CAAC,KACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,QAAO,gBAAgB,IAAI,QAAQ,SAAS,KAAK;EAElD;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,yBACb,CAAC;CACF,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aACC,wJACD,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,wBACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,wBACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,qBACb,CAAC,CACF,CACD,CAAC,CACD,UAAU,CACV,KAAK,EACL,aAAa,8FACb,CAAC;CAIH,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU,CAAC,KAAK,EACnD,aACC,kEACD,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAsC,SAClD,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EASR;EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAAoC,IAAI;AAC9D,KAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,MAAM,eAAe;AAEhC,KAAI,SASH;MAAI,CARkB,cAAc;GACnC,QAAQ,QAAQ,KAAK;GACrB,MAAM,QAAQ,KAAK;GACnB,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;;CAIH,MAAM,QAAQ,IAAI,KAAK,MAAM,aAAa;AAE1C,KAAI,CADiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAC7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;AAKnE,KADC,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,MAAM,CAExD,OAAM,SAAS,KACd,eACA,kBAAkB,sCAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAAyB;EAChE;EACP,MAAM,IAAI,KAAK;EACf,OACE,IAAI,KAAK,QAAQ,WAAW,IAAI,KAAK,KAAK,KAC3C,MAAM,eACN;EACD,GAAG,IAAI,KAAK;EACZ,CAAC;AAEF,KAAI,CAAC,KACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;AAGF,KAAI,IAAI,KAAK,UAAU;EACtB,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KACjD,IAAI,KAAK,SACT;AACD,QAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,WAAW,KAAK;GAChB,YAAY;GACZ,UAAU;GACV,QAAQ,KAAK;GACb,CAAC;;AAEH,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC,KAAK,EACrC,aAAa,2BACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,OAAO,KAAK,IAAI,KAAK,KAAK,CAAC,WAAW,EACzC,OAAM,SAAS,KAAK,eAAe,kBAAkB,kBAAkB;AAIxE,KAAI,OAAO,UAAU,eAAe,KAAK,IAAI,KAAK,MAAM,OAAO,EAAE;AAShE,MAAI,CARe,cAAc;GAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;EAGF,MAAM,YAAa,IAAI,KAAK,KAA6B;EACzD,MAAM,aAAa,MAAM,QAAQ,UAAU,GAAG,YAAY,CAAC,UAAU;AACrE,OAAK,MAAM,QAAQ,YAAY;AAC9B,OAAI,OAAO,SAAS,SACnB,OAAM,SAAS,KACd,eACA,kBAAkB,kBAClB;AAEF,OAAI,KAAK,SAAS,CAAC,KAAK,MAAM,MAC7B,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;AAGH,EAAC,IAAI,KAAK,KAA6B,OAAO,WAC7C,WACA;;CAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,IAAI,KAAK,KACT;AAED,QAAO,IAAI,KACV,gBAAgB,IAAI,QAAQ,SAAS,YAAY,CACjD;EAEF;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,aAAa,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACvC,aAAa,8CACb,CAAC;CACF,aAAa,EACX,KAAK,CAAC,SAAS,OAAO,CAAC,CACvB,KAAK,EACL,aACC,qFACD,CAAC,CACD,UAAU;CACZ,gBAAgB,EACd,KAAK;EAAC;EAAY;EAAe;EAAY,CAAC,CAC9C,KAAK,EACL,aACC,yGACD,CAAC,CACD,UAAU;CACZ,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,iCACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,4BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,wBACb,CAAC,CACD,UAAU;CACZ,eAAe,EACb,KAAK,CAAC,OAAO,OAAO,CAAC,CACrB,KAAK,EACL,aAAa,4BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,GAAG,EAAE,SAAS,CAAC,CACf,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,UAAU;CACZ,gBAAgB,EACd,KAAK,eAAe,CACpB,KAAK,EACL,aAAa,sCACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,OAAO;CACP,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,OAAO;MACN,MAAM;MACN,OAAO,EACN,MAAM,6BACN;MACD;KACD,OAAO,EACN,MAAM,UACN;KACD,OAAO,EACN,MAAM,UACN;KACD,QAAQ,EACP,MAAM,UACN;KACD;IACD,UAAU,CAAC,SAAS,QAAQ;IAC5B,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARiB,cAAc;EAClC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,OAAO,EACd;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,kCAClB;CAGF,MAAM,QAAiB,EAAE;AAEzB,KAAI,IAAI,OAAO,YACd,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI,IAAI,OAAO,gBAAgB,OAC9B,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI;EACH,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,UAC/C,OAAO,IAAI,OAAO,MAAM,IAAI,QAC5B,OAAO,IAAI,OAAO,OAAO,IAAI,QAC7B,IAAI,OAAO,SACR;GACA,OAAO,IAAI,MAAM;GACjB,WAAW,IAAI,MAAM,iBAAiB;GACtC,GACA,QACH,MAAM,SAAS,QAAQ,OACvB;EACD,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,gBAC/C,MAAM,SAAS,QAAQ,OACvB;AACD,SAAO,IAAI,KAAK;GACf,OAAO,MAAM,KAAK,SACjB,gBAAgB,IAAI,QAAQ,SAAS,KAAK,CAC1C;GACM;GACP,OAAO,OAAO,IAAI,OAAO,MAAM,IAAI;GACnC,QAAQ,OAAO,IAAI,OAAO,OAAO,IAAI;GACrC,CAAC;SACK;AACP,SAAO,IAAI,KAAK;GACf,OAAO,EAAE;GACT,OAAO;GACP,CAAC;;EAGJ;AAEF,MAAM,6BAA6B,EAAE,OAAO,EAC3C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,oBAAoB,SAChC,mBACC,6BACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,MAAM;CACN,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,UAAU;KACT,MAAM;KACN,OAAO,EACN,MAAM,gCACN;KACD,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARoB,cAAc;EACrC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,OAAO,EACjB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,2CAClB;CAGF,MAAM,WACL,MAAM,IAAI,QAAQ,gBAAgB,aAAa,IAAI,KAAK,OAAO;AAChE,QAAO,IAAI,KAAK,EACf,UAAU,SAAS,KAAK,MACvB,mBAAmB,IAAI,QAAQ,SAAS,EAAE,CAC1C,EACD,CAAC;EAEH;AAEF,MAAM,sBAAsB,EAAE,OAAO,EACpC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,YAAY;EACZ,WAAW;EACX,2BAAW,IAAI,MAAM;EACrB,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CAIF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CAIZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,+CACb,CAAC,CACD,UAAU;CACZ,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;AAOF,KAAI,CAJc,MAAM,IAAI,QAAQ,gBAAgB,aACnD,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,wBAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,WACC,IAAI,KAAK,aAAa,MAAM,oBAAoB;EACjD,YAAY,IAAI,KAAK,eAClB,QAAQ,IAAI,KAAK,cAAc,MAAM,GACrC,MAAM,sBACL,QAAQ,KAAK,qBAAqB,MAAM,GACxC;EACJ,2BAAW,IAAI,MAAM;EACrB,CACD;AAED,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO,EAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,mBAAmB,SAC/B,mBACC,2BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,SAAS,EACR,MAAM,gCACN;KACD,MAAM,EACL,MAAM,6BACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,cAAc,EACrB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAGF,MAAM,aAAc,MAAM,IAAI,QAAQ,gBAAgB,aACrD,IAAI,KAAK,OACT;AAED,KAAI,CAAC,WACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;CAGlE,MAAM,cACL,MAAM,QAAQ,KAAK,WAAW,GAC3B,KAAK,aACL,KAAK,YAAY,MAAM,IAAI,IAAI,EAAE,EACnC,KAAK,SAAS,KAAK,MAAM,CAAC;AAS5B,MAPC,WAAW,QACX,KAAK,eACL,QACC,MAAM,IAAI,CAEI,MAAM,SAAS,WAAW,SAAS,KAAK,CAAC,IACxD,CAAC,CAAC,KAAK,cAAc,SAAS,WAAW,GAAG,EAY5C;MAAI,EATH,KAAK,6BAA6B,QAClC,cAAc;GACb,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,qBAAqB,EAC5B;GACD,CAAC,EAEF,OAAM,SAAS,KACd,aACA,kBAAkB,8BAClB;;CAIH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,WAAW,IACX,MACA;EACC,gBAAgB,IAAI,QAAQ,QAAQ,KAAK;EACzC,WAAW,MAAM,+BACd,QAAQ,KAAK,8BAA8B,MAAM,GACjD,QAAQ,MAAS,MAAM;EAC1B,EACD,KACA;AACD,KAAI,CAAC,QACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;CAEF,MAAM,cAAc,IAAI,QAAQ;AAChC,qBAAoB,IAAI;CACxB,MAAM,uBAAuB,MAAM,IAAI,gBACtC,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,IAAI,QAAQ,OACZ;CACD,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,gBAAgB;AACrE,OAAM,IAAI,gBACT,gBAAgB,MAChB,GAAG,IAAI,QAAQ,QAAQ,QAAQ,MAAM,GAAG,wBAAwB,MAChE,IAAI,QAAQ,QACZ,YAAY,aAAa,WACzB;AACD,OAAM,iBACL,KACA;EACU;EACT,MAAM;EACN,EACD,KACA;AACD,QAAO,IAAI,KAAK;EACN;EACT,MAAM,gBAAgB,IAAI,QAAQ,SAAS,WAAW;EACtD,CAAC;EAEH;;;;;;;;;;;;;;;;AAiBF,MAAa,0BACZ,mBACC,6BACA;CACC,QAAQ;CACR,gBAAgB;CAChB,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAKpB,IAAI;AACN,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,KAAI,CAAC,QAAQ,QAAQ,eACpB,OAAM,SAAS,WAAW,eAAe,EACxC,SAAS,oCACT,CAAC;CAEH,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,QAAQ,QAAQ,eAChB;AACD,KAAI,CAAC,KACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,uBACT,CAAC;CAEH,MAAM,qBAAqB,IAAI,QAAQ,iBAAiB,gBAAgB;CAExE,MAAM,cAAc,MAAM,IAAI,gBAC7B,mBAAmB,MACnB,IAAI,QAAQ,OACZ;AAED,KAAI,CAAC,YACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;CAEH,MAAM,CAAC,mBAAmB,wBAAwB,aAAa,MAAM,IAAI;CACzE,MAAM,eAAe,MAAM,IAAI,QAAQ,gBAAgB,YACtD,kBACA;AACD,KAAI,CAAC,gBAAgB,aAAa,QAAQ,WAAW,KAAK,GACzD,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;AAEH,OAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,QAAQ,MAAM;AACtE,OAAM,iBAAiB,KAAK,cAAc,CAAC,CAAC,qBAAqB;AACjE,cAAa,KAAK,mBAAmB;AACrC,QAAO,IAAI,KAAK;EACf,SAAS,mBAAmB,IAAI,QAAQ,SAAS,aAAa,QAAQ;EACtE,MAAM,gBAAgB,IAAI,QAAQ,SAAS,aAAa,KAAK;EAC7D,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAAE,OAAO,EAC5C,cAAc,EAAE,QAAQ,CAAC,KAAK,EAC7B,aAAa,qBACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,qBAAqB,SACjC,mBACC,8BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,cAAc,IAAI,KAAK,aAAa;AACtE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,+BAA+B,EAAE,OAAO,EAC7C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,sBAAsB,SAClC,mBACC,+BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,uBAAuB,EAAE,OAAO,EACrC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAc,SAC1B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aACC;EACD,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,2BAClB;AAOF,KAAI,CAJS,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,OAAM,IAAI,QAAQ,gBAAgB,WAAW,IAAI,KAAK,OAAO;AAC7D,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,aAAa,EAAE,QAAQ,CAAC,SAAS,8BAA8B,CAAC,KAAK,EACpE,aAAa,oBACb,CAAC;CACF,QAAQ,EAAE,OAAO,QAAQ,CAAC,SAAS,yBAAyB,CAAC,KAAK,EACjE,aAAa,eACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,4BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,eAAe,EACtB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,0CAClB;CAGF,MAAM,EAAE,aAAa,WAAW,IAAI;CACpC,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,wBAAwB;AACjD,QAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;;CAExE,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,QAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;;CAEvE,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KAAK,YAAY;AACnE,OAAM,IAAI,QAAQ,gBAAgB,eAAe,QAAQ,eAAe;AACxE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAClC,OAAO;CACP,QAAQ,EAAE,OAAO,QAAQ,CAAC,UAAU,CAAC,KAAK,EACzC,aAAa,8BACb,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAChC,aAAa,iDACb,CAAC;CACF,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;;;;;;;;;;;;;;;;AAiBF,MAAa,qBAA6C,SAAY;AAgBrE,QAAO,mBACN,yBACA;EACC,QAAQ;EACR,MAAM;EACN,UAAU;GACT,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,aAAa;MACZ,MAAM;MACN,aAAa;MACb,EACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD,QAAQ,EACP,MAAM,EAAE,EAIR;GACD;EACD,EACD,OAAO,QAAQ;AACd,MAAI,CAAC,IAAI,MAAM,YACd,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,2DACT,CAAC;EAEH,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAE5C,MAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,SAAS,eAAe;AAEnC,MAAI,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,KAAK,KAC7C,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,+BACT,CAAC;EAEH,MAAM,OACL,SAAS,SACR,IAAI,KAAK,OACP;GAAE,IAAI,IAAI,KAAK,UAAU;GAAI,MAAM,IAAI,KAAK;GAAM,GAClD,UACF,IAAI,KAAK,SACL,MAAM,IAAI,QAAQ,gBAAgB,aACpC,IAAI,KAAK,OACT,GACA;AACJ,MAAI,CAAC,KACJ,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;EAEH,MAAM,SAAS,cAAc;GAC5B,QAAQ,KAAK;GACb,MAAM,KAAK;GACX,SAAS;GACT,aAAa,IAAI,KAAK;GACtB,CAAC;AACF,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH"}
1
+ {"version":3,"file":"routes.mjs","names":[],"sources":["../../../src/plugins/admin/routes.ts"],"sourcesContent":["import {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport type { Session } from \"@better-auth/core/db\";\nimport type { Where } from \"@better-auth/core/db/adapter\";\nimport { whereOperators } from \"@better-auth/core/db/adapter\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport {\n\tdeleteSessionCookie,\n\texpireCookie,\n\tsetSessionCookie,\n} from \"../../cookies\";\nimport { parseSessionOutput, parseUserOutput } from \"../../db/schema\";\nimport { getDate } from \"../../utils/date\";\nimport type { AccessControl, ArrayElement } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport type {\n\tAdminOptions,\n\tInferAdminRolesFromOption,\n\tSessionWithImpersonatedBy,\n\tUserWithRole,\n} from \"./types\";\n\n/**\n * Ensures a valid session, if not will throw.\n * Will also provide additional types on the user to include role types.\n */\nconst adminMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session) {\n\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t}\n\treturn {\n\t\tsession,\n\t} as {\n\t\tsession: {\n\t\t\tuser: UserWithRole;\n\t\t\tsession: Session;\n\t\t};\n\t};\n});\n\nfunction parseRoles(roles: string | string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nconst setRoleBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role to set. `admin` or `user` by default\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles to set. `admin` or `user` by default\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"The role to set, this can be a string or an array of strings. Eg: `admin` or `[admin, user]`\",\n\t\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/set-role`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.setRole`\n *\n * **client:**\n * `authClient.admin.setRole`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-role)\n */\nexport const setRole = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setRoleBodySchema,\n\t\t\trequireHeaders: true,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserRole\",\n\t\t\t\t\tsummary: \"Set the role of a user\",\n\t\t\t\t\tdescription: \"Set the role of a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User role updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\tuserId: string;\n\t\t\t\t\t\trole: InferAdminRolesFromOption<O> | InferAdminRolesFromOption<O>[];\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetRole = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetRole) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst roles = opts.roles;\n\t\t\tif (roles) {\n\t\t\t\tconst inputRoles = Array.isArray(ctx.body.role)\n\t\t\t\t\t? ctx.body.role\n\t\t\t\t\t: [ctx.body.role];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (!roles[role as keyof typeof roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\trole: parseRoles(ctx.body.role),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst getUserQuerySchema = z.object({\n\tid: z.string().meta({\n\t\tdescription: \"The id of the User\",\n\t}),\n});\n\nexport const getUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/get-user\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tquery: getUserQuerySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"getUser\",\n\t\t\t\t\tsummary: \"Get an existing user\",\n\t\t\t\t\tdescription: \"Get an existing user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { id } = ctx.query;\n\n\t\t\tconst canGetUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"get\"],\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (!canGetUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_USER,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(id);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\treturn parseUserOutput(ctx.context.options, user) as UserWithRole;\n\t\t},\n\t);\n\nconst createUserBodySchema = z.object({\n\temail: z.string().meta({\n\t\tdescription: \"The email of the user\",\n\t}),\n\tpassword: z.string().optional().meta({\n\t\tdescription:\n\t\t\t\"The password of the user. If not provided, the user will be created without a credential account (useful for magic link or social login only users).\",\n\t}),\n\tname: z.string().meta({\n\t\tdescription: \"The name of the user\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role of the user\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles of user\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.optional()\n\t\t.meta({\n\t\t\tdescription: `A string or array of strings representing the roles to apply to the new user. Eg: \\\"user\\\"`,\n\t\t}),\n\t/**\n\t * extra fields for user\n\t */\n\tdata: z.record(z.string(), z.any()).optional().meta({\n\t\tdescription:\n\t\t\t\"Extra fields for the user. Including custom additional fields.\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/create-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.createUser`\n *\n * **client:**\n * `authClient.admin.createUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-create-user)\n */\nexport const createUser = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/create-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: createUserBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"createUser\",\n\t\t\t\t\tsummary: \"Create a new user\",\n\t\t\t\t\tdescription: \"Create a new user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword?: string | undefined;\n\t\t\t\t\t\tname: string;\n\t\t\t\t\t\trole?:\n\t\t\t\t\t\t\t| (InferAdminRolesFromOption<O> | InferAdminRolesFromOption<O>[])\n\t\t\t\t\t\t\t| undefined;\n\t\t\t\t\t\tdata?: Record<string, any> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<{ role: string }>(ctx);\n\t\t\tif (!session && (ctx.request || ctx.headers)) {\n\t\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (session) {\n\t\t\t\tconst canCreateUser = hasPermission({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\trole: session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"create\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canCreateUser) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst email = ctx.body.email.toLowerCase();\n\t\t\tconst isValidEmail = z.email().safeParse(email);\n\t\t\tif (!isValidEmail.success) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t}\n\n\t\t\tconst existUser =\n\t\t\t\tawait ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (existUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.createUser<UserWithRole>({\n\t\t\t\temail: email,\n\t\t\t\tname: ctx.body.name,\n\t\t\t\trole:\n\t\t\t\t\t(ctx.body.role && parseRoles(ctx.body.role)) ??\n\t\t\t\t\topts?.defaultRole ??\n\t\t\t\t\t\"user\",\n\t\t\t\t...ctx.body.data,\n\t\t\t});\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\t// Only create credential account if password is provided\n\t\t\tif (ctx.body.password) {\n\t\t\t\tconst hashedPassword = await ctx.context.password.hash(\n\t\t\t\t\tctx.body.password,\n\t\t\t\t);\n\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tproviderId: \"credential\",\n\t\t\t\t\tpassword: hashedPassword,\n\t\t\t\t\tuserId: user.id,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst adminUpdateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\tdata: z.record(z.any(), z.any()).meta({\n\t\tdescription: \"The user data to update\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/update-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.adminUpdateUser`\n *\n * **client:**\n * `authClient.admin.updateUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-update-user)\n */\nexport const adminUpdateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/update-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: adminUpdateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"updateUser\",\n\t\t\t\t\tsummary: \"Update a user\",\n\t\t\t\t\tdescription: \"Update a user's details\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canUpdateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"update\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canUpdateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (Object.keys(ctx.body.data).length === 0) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ADMIN_ERROR_CODES.NO_DATA_TO_UPDATE);\n\t\t\t}\n\n\t\t\t// Role changes must be guarded by `user:set-role` and validated against the role allow-list.\n\t\t\tif (Object.prototype.hasOwnProperty.call(ctx.body.data, \"role\")) {\n\t\t\t\tconst canSetRole = hasPermission({\n\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canSetRole) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst roleValue = (ctx.body.data as Record<string, any>).role;\n\t\t\t\tconst inputRoles = Array.isArray(roleValue) ? roleValue : [roleValue];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (typeof role !== \"string\") {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.INVALID_ROLE_TYPE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tif (opts.roles && !opts.roles[role as keyof typeof opts.roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t(ctx.body.data as Record<string, any>).role = parseRoles(\n\t\t\t\t\tinputRoles as string[],\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\tctx.body.data,\n\t\t\t);\n\n\t\t\treturn ctx.json(\n\t\t\t\tparseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t);\n\t\t},\n\t);\n\nconst listUsersQuerySchema = z.object({\n\tsearchValue: z.string().optional().meta({\n\t\tdescription: 'The value to search for. Eg: \"some name\"',\n\t}),\n\tsearchField: z\n\t\t.enum([\"email\", \"name\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The field to search in, defaults to email. Can be `email` or `name`. Eg: \"name\"',\n\t\t})\n\t\t.optional(),\n\tsearchOperator: z\n\t\t.enum([\"contains\", \"starts_with\", \"ends_with\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The operator to use for the search. Can be `contains`, `starts_with` or `ends_with`. Eg: \"contains\"',\n\t\t})\n\t\t.optional(),\n\tlimit: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The number of users to return\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\toffset: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The offset to start from\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\tsortBy: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to sort by\",\n\t\t})\n\t\t.optional(),\n\tsortDirection: z\n\t\t.enum([\"asc\", \"desc\"])\n\t\t.meta({\n\t\t\tdescription: \"The direction to sort by\",\n\t\t})\n\t\t.optional(),\n\tfilterField: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to filter by\",\n\t\t})\n\t\t.optional(),\n\tfilterValue: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The value to filter by\",\n\t\t})\n\t\t.or(z.number())\n\t\t.or(z.boolean())\n\t\t.or(z.array(z.string()))\n\t\t.or(z.array(z.number()))\n\t\t.optional(),\n\tfilterOperator: z\n\t\t.enum(whereOperators)\n\t\t.meta({\n\t\t\tdescription: \"The operator to use for the filter\",\n\t\t})\n\t\t.optional(),\n});\n\nexport const listUsers = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-users\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tquery: listUsersQuerySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUsers\",\n\t\t\t\t\tsummary: \"List users\",\n\t\t\t\t\tdescription: \"List users\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of users\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tusers: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\ttotal: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tlimit: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\toffset: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"users\", \"total\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListUsers = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListUsers) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst where: Where[] = [];\n\n\t\t\tif (ctx.query?.searchValue) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.searchField || \"email\",\n\t\t\t\t\toperator: ctx.query.searchOperator || \"contains\",\n\t\t\t\t\tvalue: ctx.query.searchValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (ctx.query?.filterValue !== undefined) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.filterField || \"email\",\n\t\t\t\t\toperator: ctx.query.filterOperator || \"eq\",\n\t\t\t\t\tvalue: ctx.query.filterValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst users = await ctx.context.internalAdapter.listUsers(\n\t\t\t\t\tNumber(ctx.query?.limit) || undefined,\n\t\t\t\t\tNumber(ctx.query?.offset) || undefined,\n\t\t\t\t\tctx.query?.sortBy\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tfield: ctx.query.sortBy,\n\t\t\t\t\t\t\t\tdirection: ctx.query.sortDirection || \"asc\",\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: undefined,\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\tconst total = await ctx.context.internalAdapter.countTotalUsers(\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: users.map((user) =>\n\t\t\t\t\t\tparseUserOutput(ctx.context.options, user),\n\t\t\t\t\t) as UserWithRole[],\n\t\t\t\t\ttotal: total,\n\t\t\t\t\tlimit: Number(ctx.query?.limit) || undefined,\n\t\t\t\t\toffset: Number(ctx.query?.offset) || undefined,\n\t\t\t\t});\n\t\t\t} catch {\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: [] as UserWithRole[],\n\t\t\t\t\ttotal: 0,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t);\n\nconst listUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/list-user-sessions`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.listUserSessions`\n *\n * **client:**\n * `authClient.admin.listUserSessions`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-list-user-sessions)\n */\nexport const listUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tbody: listUserSessionsBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUserSessions\",\n\t\t\t\t\tsummary: \"List user sessions\",\n\t\t\t\t\tdescription: \"List user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of user sessions\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsessions: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListSessions = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListSessions) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst sessions: SessionWithImpersonatedBy[] =\n\t\t\t\tawait ctx.context.internalAdapter.listSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsessions: sessions.map((s) =>\n\t\t\t\t\tparseSessionOutput(ctx.context.options, s),\n\t\t\t\t),\n\t\t\t});\n\t\t},\n\t);\n\nconst unbanUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/unban-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.unbanUser`\n *\n * **client:**\n * `authClient.admin.unbanUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-unban-user)\n */\nexport const unbanUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/unban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: unbanUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"unbanUser\",\n\t\t\t\t\tsummary: \"Unban a user\",\n\t\t\t\t\tdescription: \"Unban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User unbanned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: false,\n\t\t\t\t\tbanExpires: null,\n\t\t\t\t\tbanReason: null,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst banUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\t/**\n\t * Reason for the ban\n\t */\n\tbanReason: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The reason for the ban\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Number of seconds until the ban expires\n\t */\n\tbanExpiresIn: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The number of seconds until the ban expires\",\n\t\t})\n\t\t.optional(),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/ban-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.banUser`\n *\n * **client:**\n * `authClient.admin.banUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-ban-user)\n */\nexport const banUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/ban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: banUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"banUser\",\n\t\t\t\t\tsummary: \"Ban a user\",\n\t\t\t\t\tdescription: \"Ban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User banned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst foundUser = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!foundUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_BAN_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: true,\n\t\t\t\t\tbanReason:\n\t\t\t\t\t\tctx.body.banReason || opts?.defaultBanReason || \"No reason\",\n\t\t\t\t\tbanExpires: ctx.body.banExpiresIn\n\t\t\t\t\t\t? getDate(ctx.body.banExpiresIn, \"sec\")\n\t\t\t\t\t\t: opts?.defaultBanExpiresIn\n\t\t\t\t\t\t\t? getDate(opts.defaultBanExpiresIn, \"sec\")\n\t\t\t\t\t\t\t: undefined,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\t//revoke all sessions\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst impersonateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/impersonate-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.impersonateUser`\n *\n * **client:**\n * `authClient.admin.impersonateUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-impersonate-user)\n */\nexport const impersonateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/impersonate-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: impersonateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"impersonateUser\",\n\t\t\t\t\tsummary: \"Impersonate a user\",\n\t\t\t\t\tdescription: \"Impersonate a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Impersonation session created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canImpersonateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"impersonate\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canImpersonateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst targetUser = (await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t)) as UserWithRole | null;\n\n\t\t\tif (!targetUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tconst adminRoles = (\n\t\t\t\tArray.isArray(opts.adminRoles)\n\t\t\t\t\t? opts.adminRoles\n\t\t\t\t\t: opts.adminRoles?.split(\",\") || []\n\t\t\t).map((role) => role.trim());\n\t\t\tconst targetUserRole = (\n\t\t\t\ttargetUser.role ||\n\t\t\t\topts.defaultRole ||\n\t\t\t\t\"user\"\n\t\t\t).split(\",\");\n\t\t\tconst isTargetAdmin =\n\t\t\t\ttargetUserRole.some((role) => adminRoles.includes(role)) ||\n\t\t\t\t!!opts.adminUserIds?.includes(targetUser.id);\n\t\t\tif (isTargetAdmin) {\n\t\t\t\tconst canImpersonateAdmins =\n\t\t\t\t\topts.allowImpersonatingAdmins === true ||\n\t\t\t\t\thasPermission({\n\t\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\t\toptions: opts,\n\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\tuser: [\"impersonate-admins\"],\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\tif (!canImpersonateAdmins) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_IMPERSONATE_ADMINS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\ttargetUser.id,\n\t\t\t\ttrue,\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: ctx.context.session.user.id,\n\t\t\t\t\texpiresAt: opts?.impersonationSessionDuration\n\t\t\t\t\t\t? getDate(opts.impersonationSessionDuration, \"sec\")\n\t\t\t\t\t\t: getDate(60 * 60, \"sec\"), // 1 hour\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authCookies = ctx.context.authCookies;\n\t\t\tdeleteSessionCookie(ctx);\n\t\t\tconst dontRememberMeCookie = await ctx.getSignedCookie(\n\t\t\t\tctx.context.authCookies.dontRememberToken.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\t\t\tconst adminCookieProp = ctx.context.createAuthCookie(\"admin_session\");\n\t\t\tawait ctx.setSignedCookie(\n\t\t\t\tadminCookieProp.name,\n\t\t\t\t`${ctx.context.session.session.token}:${dontRememberMeCookie || \"\"}`,\n\t\t\t\tctx.context.secret,\n\t\t\t\tauthCookies.sessionToken.attributes,\n\t\t\t);\n\t\t\tawait setSessionCookie(\n\t\t\t\tctx,\n\t\t\t\t{\n\t\t\t\t\tsession: session,\n\t\t\t\t\tuser: targetUser,\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: session,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, targetUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\n/**\n * ### Endpoint\n *\n * POST `/admin/stop-impersonating`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.stopImpersonating`\n *\n * **client:**\n * `authClient.admin.stopImpersonating`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-stop-impersonating)\n */\nexport const stopImpersonating = () =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/stop-impersonating\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<\n\t\t\t\t{},\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: string;\n\t\t\t\t}\n\t\t\t>(ctx);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session.session.impersonatedBy) {\n\t\t\t\tthrow APIError.fromStatus(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"You are not impersonating anyone\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tsession.session.impersonatedBy,\n\t\t\t);\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find user\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst adminSessionCookie = ctx.context.createAuthCookie(\"admin_session\");\n\n\t\t\tconst adminCookie = await ctx.getSignedCookie(\n\t\t\t\tadminSessionCookie.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\n\t\t\tif (!adminCookie) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst [adminSessionToken, dontRememberMeCookie] = adminCookie?.split(\":\");\n\t\t\tconst adminSession = await ctx.context.internalAdapter.findSession(\n\t\t\t\tadminSessionToken!,\n\t\t\t);\n\t\t\tif (!adminSession || adminSession.session.userId !== user.id) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait ctx.context.internalAdapter.deleteSession(session.session.token);\n\t\t\tawait setSessionCookie(ctx, adminSession, !!dontRememberMeCookie);\n\t\t\texpireCookie(ctx, adminSessionCookie);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: parseSessionOutput(ctx.context.options, adminSession.session),\n\t\t\t\tuser: parseUserOutput(ctx.context.options, adminSession.user),\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionBodySchema = z.object({\n\tsessionToken: z.string().meta({\n\t\tdescription: \"The session token\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/revoke-user-session`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.revokeUserSession`\n *\n * **client:**\n * `authClient.admin.revokeUserSession`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-session)\n */\nexport const revokeUserSession = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-session\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSession\",\n\t\t\t\t\tsummary: \"Revoke a user session\",\n\t\t\t\t\tdescription: \"Revoke a user session\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Session revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSession(ctx.body.sessionToken);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/revoke-user-sessions`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.revokeUserSessions`\n *\n * **client:**\n * `authClient.admin.revokeUserSessions`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-sessions)\n */\nexport const revokeUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionsBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSessions\",\n\t\t\t\t\tsummary: \"Revoke all user sessions\",\n\t\t\t\t\tdescription: \"Revoke all user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Sessions revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst removeUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/remove-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.removeUser`\n *\n * **client:**\n * `authClient.admin.removeUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-remove-user)\n */\nexport const removeUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/remove-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: removeUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"removeUser\",\n\t\t\t\t\tsummary: \"Remove a user\",\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Delete a user and all their sessions and accounts. Cannot be undone.\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User removed\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canDeleteUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"delete\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canDeleteUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_REMOVE_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteUser(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst setUserPasswordBodySchema = z.object({\n\tnewPassword: z.string().nonempty(\"newPassword cannot be empty\").meta({\n\t\tdescription: \"The new password\",\n\t}),\n\tuserId: z.coerce.string().nonempty(\"userId cannot be empty\").meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/set-user-password`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.setUserPassword`\n *\n * **client:**\n * `authClient.admin.setUserPassword`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-user-password)\n */\nexport const setUserPassword = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-user-password\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setUserPasswordBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserPassword\",\n\t\t\t\t\tsummary: \"Set a user's password\",\n\t\t\t\t\tdescription: \"Set a user's password\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Password set\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetUserPassword = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-password\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetUserPassword) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { newPassword, userId } = ctx.body;\n\t\t\tconst minPasswordLength = ctx.context.password.config.minPasswordLength;\n\t\t\tif (newPassword.length < minPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);\n\t\t\t}\n\t\t\tconst maxPasswordLength = ctx.context.password.config.maxPasswordLength;\n\t\t\tif (newPassword.length > maxPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too long\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_LONG);\n\t\t\t}\n\t\t\tconst hashedPassword = await ctx.context.password.hash(newPassword);\n\t\t\tawait ctx.context.internalAdapter.updatePassword(userId, hashedPassword);\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst userHasPermissionBodySchema = z\n\t.object({\n\t\tuserId: z.coerce.string().optional().meta({\n\t\t\tdescription: `The user id. Eg: \"user-id\"`,\n\t\t}),\n\t\trole: z.string().optional().meta({\n\t\t\tdescription: `The role to check permission for. Eg: \"admin\"`,\n\t\t}),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\n/**\n * ### Endpoint\n *\n * POST `/admin/has-permission`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.userHasPermission`\n *\n * **client:**\n * `authClient.admin.hasPermission`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-has-permission)\n */\nexport const userHasPermission = <O extends AdminOptions>(opts: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? ArrayElement<Statements[key]>\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\treturn createAuthEndpoint(\n\t\t\"/admin/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: userHasPermissionBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\tuserId?: string | undefined;\n\t\t\t\t\t\trole?: InferAdminRolesFromOption<O> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!ctx.body?.permissions) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"invalid permission check. no permission(s) were passed.\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst session = await getSessionFromCtx(ctx);\n\n\t\t\tif (!session && (ctx.request || ctx.headers)) {\n\t\t\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session && !ctx.body.userId && !ctx.body.role) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user id or role is required\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user =\n\t\t\t\tsession?.user ||\n\t\t\t\t(ctx.body.role\n\t\t\t\t\t? { id: ctx.body.userId || \"\", role: ctx.body.role }\n\t\t\t\t\t: null) ||\n\t\t\t\t(ctx.body.userId\n\t\t\t\t\t? ((await ctx.context.internalAdapter.findUserById(\n\t\t\t\t\t\t\tctx.body.userId as string,\n\t\t\t\t\t\t)) as { role?: string | undefined; id: string })\n\t\t\t\t\t: null);\n\t\t\tif (!user) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user not found\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst result = hasPermission({\n\t\t\t\tuserId: user.id,\n\t\t\t\trole: user.role,\n\t\t\t\toptions: opts as AdminOptions,\n\t\t\t\tpermissions: ctx.body.permissions as any,\n\t\t\t});\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAgCA,MAAM,kBAAkB,qBAAqB,OAAO,QAAQ;CAC3D,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,QAAO,EACN,SACA;EAMA;AAEF,SAAS,WAAW,OAAkC;AACrD,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAGjD,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,iDACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,kDACb,CAAC,CACF,CACD,CAAC,CACD,KAAK,EACL,aACC,gGACD,CAAC;CACH,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAmC,SAC/C,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,gBAAgB;CAChB,KAAK,CAAC,gBAAgB;CACtB,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EAIR;EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAEF,MAAM,QAAQ,KAAK;AACnB,KAAI,OAAO;EACV,MAAM,aAAa,MAAM,QAAQ,IAAI,KAAK,KAAK,GAC5C,IAAI,KAAK,OACT,CAAC,IAAI,KAAK,KAAK;AAClB,OAAK,MAAM,QAAQ,WAClB,KAAI,CAAC,MAAM,MACV,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;CAIJ,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,EACC,MAAM,WAAW,IAAI,KAAK,KAAK,EAC/B,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY,EACvD,CAAC;EAEH;AAEF,MAAM,qBAAqB,EAAE,OAAO,EACnC,IAAI,EAAE,QAAQ,CAAC,KAAK,EACnB,aAAa,sBACb,CAAC,EACF,CAAC;AAEF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,OAAO;CACP,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,OAAO,IAAI;AAWnB,KAAI,CATe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAGD,OAAM,SAAS,KACd,aACA,kBAAkB,gCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAAa,GAAG;AAE/D,KAAI,CAAC,KACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,QAAO,gBAAgB,IAAI,QAAQ,SAAS,KAAK;EAElD;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,yBACb,CAAC;CACF,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aACC,wJACD,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,wBACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,wBACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,qBACb,CAAC,CACF,CACD,CAAC,CACD,UAAU,CACV,KAAK,EACL,aAAa,8FACb,CAAC;CAIH,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU,CAAC,KAAK,EACnD,aACC,kEACD,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAsC,SAClD,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EASR;EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAAoC,IAAI;AAC9D,KAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,MAAM,eAAe;AAEhC,KAAI,SASH;MAAI,CARkB,cAAc;GACnC,QAAQ,QAAQ,KAAK;GACrB,MAAM,QAAQ,KAAK;GACnB,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;;CAIH,MAAM,QAAQ,IAAI,KAAK,MAAM,aAAa;AAE1C,KAAI,CADiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAC7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;AAKnE,KADC,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,MAAM,CAExD,OAAM,SAAS,KACd,eACA,kBAAkB,sCAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAAyB;EAChE;EACP,MAAM,IAAI,KAAK;EACf,OACE,IAAI,KAAK,QAAQ,WAAW,IAAI,KAAK,KAAK,KAC3C,MAAM,eACN;EACD,GAAG,IAAI,KAAK;EACZ,CAAC;AAEF,KAAI,CAAC,KACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;AAGF,KAAI,IAAI,KAAK,UAAU;EACtB,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KACjD,IAAI,KAAK,SACT;AACD,QAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,WAAW,KAAK;GAChB,YAAY;GACZ,UAAU;GACV,QAAQ,KAAK;GACb,CAAC;;AAEH,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC,KAAK,EACrC,aAAa,2BACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,OAAO,KAAK,IAAI,KAAK,KAAK,CAAC,WAAW,EACzC,OAAM,SAAS,KAAK,eAAe,kBAAkB,kBAAkB;AAIxE,KAAI,OAAO,UAAU,eAAe,KAAK,IAAI,KAAK,MAAM,OAAO,EAAE;AAShE,MAAI,CARe,cAAc;GAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;EAGF,MAAM,YAAa,IAAI,KAAK,KAA6B;EACzD,MAAM,aAAa,MAAM,QAAQ,UAAU,GAAG,YAAY,CAAC,UAAU;AACrE,OAAK,MAAM,QAAQ,YAAY;AAC9B,OAAI,OAAO,SAAS,SACnB,OAAM,SAAS,KACd,eACA,kBAAkB,kBAClB;AAEF,OAAI,KAAK,SAAS,CAAC,KAAK,MAAM,MAC7B,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;AAGH,EAAC,IAAI,KAAK,KAA6B,OAAO,WAC7C,WACA;;CAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,IAAI,KAAK,KACT;AAED,QAAO,IAAI,KACV,gBAAgB,IAAI,QAAQ,SAAS,YAAY,CACjD;EAEF;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,aAAa,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACvC,aAAa,8CACb,CAAC;CACF,aAAa,EACX,KAAK,CAAC,SAAS,OAAO,CAAC,CACvB,KAAK,EACL,aACC,qFACD,CAAC,CACD,UAAU;CACZ,gBAAgB,EACd,KAAK;EAAC;EAAY;EAAe;EAAY,CAAC,CAC9C,KAAK,EACL,aACC,yGACD,CAAC,CACD,UAAU;CACZ,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,iCACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,4BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,wBACb,CAAC,CACD,UAAU;CACZ,eAAe,EACb,KAAK,CAAC,OAAO,OAAO,CAAC,CACrB,KAAK,EACL,aAAa,4BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,GAAG,EAAE,SAAS,CAAC,CACf,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,UAAU;CACZ,gBAAgB,EACd,KAAK,eAAe,CACpB,KAAK,EACL,aAAa,sCACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,OAAO;CACP,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,OAAO;MACN,MAAM;MACN,OAAO,EACN,MAAM,6BACN;MACD;KACD,OAAO,EACN,MAAM,UACN;KACD,OAAO,EACN,MAAM,UACN;KACD,QAAQ,EACP,MAAM,UACN;KACD;IACD,UAAU,CAAC,SAAS,QAAQ;IAC5B,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARiB,cAAc;EAClC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,OAAO,EACd;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,kCAClB;CAGF,MAAM,QAAiB,EAAE;AAEzB,KAAI,IAAI,OAAO,YACd,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI,IAAI,OAAO,gBAAgB,OAC9B,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI;EACH,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,UAC/C,OAAO,IAAI,OAAO,MAAM,IAAI,QAC5B,OAAO,IAAI,OAAO,OAAO,IAAI,QAC7B,IAAI,OAAO,SACR;GACA,OAAO,IAAI,MAAM;GACjB,WAAW,IAAI,MAAM,iBAAiB;GACtC,GACA,QACH,MAAM,SAAS,QAAQ,OACvB;EACD,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,gBAC/C,MAAM,SAAS,QAAQ,OACvB;AACD,SAAO,IAAI,KAAK;GACf,OAAO,MAAM,KAAK,SACjB,gBAAgB,IAAI,QAAQ,SAAS,KAAK,CAC1C;GACM;GACP,OAAO,OAAO,IAAI,OAAO,MAAM,IAAI;GACnC,QAAQ,OAAO,IAAI,OAAO,OAAO,IAAI;GACrC,CAAC;SACK;AACP,SAAO,IAAI,KAAK;GACf,OAAO,EAAE;GACT,OAAO;GACP,CAAC;;EAGJ;AAEF,MAAM,6BAA6B,EAAE,OAAO,EAC3C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,oBAAoB,SAChC,mBACC,6BACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,MAAM;CACN,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,UAAU;KACT,MAAM;KACN,OAAO,EACN,MAAM,gCACN;KACD,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARoB,cAAc;EACrC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,OAAO,EACjB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,2CAClB;CAGF,MAAM,WACL,MAAM,IAAI,QAAQ,gBAAgB,aAAa,IAAI,KAAK,OAAO;AAChE,QAAO,IAAI,KAAK,EACf,UAAU,SAAS,KAAK,MACvB,mBAAmB,IAAI,QAAQ,SAAS,EAAE,CAC1C,EACD,CAAC;EAEH;AAEF,MAAM,sBAAsB,EAAE,OAAO,EACpC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,YAAY;EACZ,WAAW;EACX,2BAAW,IAAI,MAAM;EACrB,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CAIF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CAIZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,+CACb,CAAC,CACD,UAAU;CACZ,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;AAOF,KAAI,CAJc,MAAM,IAAI,QAAQ,gBAAgB,aACnD,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,wBAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,WACC,IAAI,KAAK,aAAa,MAAM,oBAAoB;EACjD,YAAY,IAAI,KAAK,eAClB,QAAQ,IAAI,KAAK,cAAc,MAAM,GACrC,MAAM,sBACL,QAAQ,KAAK,qBAAqB,MAAM,GACxC;EACJ,2BAAW,IAAI,MAAM;EACrB,CACD;AAED,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO,EAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,mBAAmB,SAC/B,mBACC,2BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,SAAS,EACR,MAAM,gCACN;KACD,MAAM,EACL,MAAM,6BACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,cAAc,EACrB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAGF,MAAM,aAAc,MAAM,IAAI,QAAQ,gBAAgB,aACrD,IAAI,KAAK,OACT;AAED,KAAI,CAAC,WACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;CAGlE,MAAM,cACL,MAAM,QAAQ,KAAK,WAAW,GAC3B,KAAK,aACL,KAAK,YAAY,MAAM,IAAI,IAAI,EAAE,EACnC,KAAK,SAAS,KAAK,MAAM,CAAC;AAS5B,MAPC,WAAW,QACX,KAAK,eACL,QACC,MAAM,IAAI,CAEI,MAAM,SAAS,WAAW,SAAS,KAAK,CAAC,IACxD,CAAC,CAAC,KAAK,cAAc,SAAS,WAAW,GAAG,EAY5C;MAAI,EATH,KAAK,6BAA6B,QAClC,cAAc;GACb,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,qBAAqB,EAC5B;GACD,CAAC,EAEF,OAAM,SAAS,KACd,aACA,kBAAkB,8BAClB;;CAIH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,WAAW,IACX,MACA;EACC,gBAAgB,IAAI,QAAQ,QAAQ,KAAK;EACzC,WAAW,MAAM,+BACd,QAAQ,KAAK,8BAA8B,MAAM,GACjD,QAAQ,MAAS,MAAM;EAC1B,EACD,KACA;AACD,KAAI,CAAC,QACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;CAEF,MAAM,cAAc,IAAI,QAAQ;AAChC,qBAAoB,IAAI;CACxB,MAAM,uBAAuB,MAAM,IAAI,gBACtC,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,IAAI,QAAQ,OACZ;CACD,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,gBAAgB;AACrE,OAAM,IAAI,gBACT,gBAAgB,MAChB,GAAG,IAAI,QAAQ,QAAQ,QAAQ,MAAM,GAAG,wBAAwB,MAChE,IAAI,QAAQ,QACZ,YAAY,aAAa,WACzB;AACD,OAAM,iBACL,KACA;EACU;EACT,MAAM;EACN,EACD,KACA;AACD,QAAO,IAAI,KAAK;EACN;EACT,MAAM,gBAAgB,IAAI,QAAQ,SAAS,WAAW;EACtD,CAAC;EAEH;;;;;;;;;;;;;;;;AAiBF,MAAa,0BACZ,mBACC,6BACA;CACC,QAAQ;CACR,gBAAgB;CAChB,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAKpB,IAAI;AACN,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,KAAI,CAAC,QAAQ,QAAQ,eACpB,OAAM,SAAS,WAAW,eAAe,EACxC,SAAS,oCACT,CAAC;CAEH,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,QAAQ,QAAQ,eAChB;AACD,KAAI,CAAC,KACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,uBACT,CAAC;CAEH,MAAM,qBAAqB,IAAI,QAAQ,iBAAiB,gBAAgB;CAExE,MAAM,cAAc,MAAM,IAAI,gBAC7B,mBAAmB,MACnB,IAAI,QAAQ,OACZ;AAED,KAAI,CAAC,YACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;CAEH,MAAM,CAAC,mBAAmB,wBAAwB,aAAa,MAAM,IAAI;CACzE,MAAM,eAAe,MAAM,IAAI,QAAQ,gBAAgB,YACtD,kBACA;AACD,KAAI,CAAC,gBAAgB,aAAa,QAAQ,WAAW,KAAK,GACzD,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;AAEH,OAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,QAAQ,MAAM;AACtE,OAAM,iBAAiB,KAAK,cAAc,CAAC,CAAC,qBAAqB;AACjE,cAAa,KAAK,mBAAmB;AACrC,QAAO,IAAI,KAAK;EACf,SAAS,mBAAmB,IAAI,QAAQ,SAAS,aAAa,QAAQ;EACtE,MAAM,gBAAgB,IAAI,QAAQ,SAAS,aAAa,KAAK;EAC7D,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAAE,OAAO,EAC5C,cAAc,EAAE,QAAQ,CAAC,KAAK,EAC7B,aAAa,qBACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,qBAAqB,SACjC,mBACC,8BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,cAAc,IAAI,KAAK,aAAa;AACtE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,+BAA+B,EAAE,OAAO,EAC7C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,sBAAsB,SAClC,mBACC,+BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,uBAAuB,EAAE,OAAO,EACrC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAc,SAC1B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aACC;EACD,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,2BAClB;AAOF,KAAI,CAJS,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,OAAM,IAAI,QAAQ,gBAAgB,WAAW,IAAI,KAAK,OAAO;AAC7D,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,aAAa,EAAE,QAAQ,CAAC,SAAS,8BAA8B,CAAC,KAAK,EACpE,aAAa,oBACb,CAAC;CACF,QAAQ,EAAE,OAAO,QAAQ,CAAC,SAAS,yBAAyB,CAAC,KAAK,EACjE,aAAa,eACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,4BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,eAAe,EACtB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,0CAClB;CAGF,MAAM,EAAE,aAAa,WAAW,IAAI;CACpC,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,wBAAwB;AACjD,QAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;;CAExE,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,QAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;;CAEvE,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KAAK,YAAY;AACnE,OAAM,IAAI,QAAQ,gBAAgB,eAAe,QAAQ,eAAe;AACxE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAClC,OAAO;CACP,QAAQ,EAAE,OAAO,QAAQ,CAAC,UAAU,CAAC,KAAK,EACzC,aAAa,8BACb,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAChC,aAAa,iDACb,CAAC;CACF,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;;;;;;;;;;;;;;;;AAiBF,MAAa,qBAA6C,SAAY;AAgBrE,QAAO,mBACN,yBACA;EACC,QAAQ;EACR,MAAM;EACN,UAAU;GACT,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,aAAa;MACZ,MAAM;MACN,aAAa;MACb,EACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD,QAAQ,EACP,MAAM,EAAE,EAIR;GACD;EACD,EACD,OAAO,QAAQ;AACd,MAAI,CAAC,IAAI,MAAM,YACd,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,2DACT,CAAC;EAEH,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAE5C,MAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,SAAS,eAAe;AAEnC,MAAI,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,KAAK,KAC7C,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,+BACT,CAAC;EAEH,MAAM,OACL,SAAS,SACR,IAAI,KAAK,OACP;GAAE,IAAI,IAAI,KAAK,UAAU;GAAI,MAAM,IAAI,KAAK;GAAM,GAClD,UACF,IAAI,KAAK,SACL,MAAM,IAAI,QAAQ,gBAAgB,aACpC,IAAI,KAAK,OACT,GACA;AACJ,MAAI,CAAC,KACJ,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;EAEH,MAAM,SAAS,cAAc;GAC5B,QAAQ,KAAK;GACb,MAAM,KAAK;GACX,SAAS;GACT,aAAa,IAAI,KAAK;GACtB,CAAC;AACF,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH"}
@@ -1,6 +1,6 @@
1
1
  import { InferOptionSchema, InferPluginContext, InferPluginErrorCodes, InferPluginIDs } from "../types/plugins.mjs";
2
2
  import { HIDE_METADATA } from "../utils/hide-metadata.mjs";
3
- import { AccessControl, Role, Statements, SubArray, Subset } from "./access/types.mjs";
3
+ import { AccessControl, ArrayElement, Role, Statements, SubArray, Subset } from "./access/types.mjs";
4
4
  import { AuthorizeResponse, createAccessControl, role } from "./access/access.mjs";
5
5
  import "./access/index.mjs";
6
6
  import { OrganizationOptions } from "./organization/types.mjs";
@@ -65,4 +65,4 @@ import { UsernameOptions, username } from "./username/index.mjs";
65
65
  import { hasPermission } from "./organization/has-permission.mjs";
66
66
  import { DefaultOrganizationPlugin, DynamicAccessControlEndpoints, OrganizationCreator, OrganizationEndpoints, OrganizationPlugin, TeamEndpoints, organization, parseRoles } from "./organization/organization.mjs";
67
67
  import "./organization/index.mjs";
68
- export { AccessControl, AdminOptions, AnonymousOptions, AnonymousSession, Auth0Options, AuthorizationQuery, AuthorizeResponse, BackupCodeOptions, BaseCaptchaOptions, BaseOAuthProviderOptions, BearerOptions, CaptchaFoxOptions, CaptchaOptions, Client, CloudflareTurnstileOptions, CodeVerificationValue, CustomSessionPluginOptions, DefaultOrganizationPlugin, DeviceAuthorizationOptions, DynamicAccessControlEndpoints, MULTI_SESSION_ERROR_CODES as ERROR_CODES, EmailOTPOptions, FieldSchema, GenericOAuthConfig, GenericOAuthOptions, GoogleRecaptchaOptions, GumroadOptions, HCaptchaOptions, HIDE_METADATA, HaveIBeenPwnedOptions, HubSpotOptions, InferAdminRolesFromOption, InferInvitation, InferMember, InferOptionSchema, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPluginContext, InferPluginErrorCodes, InferPluginIDs, InferTeam, Invitation, InvitationInput, InvitationStatus, JWKOptions, JWSAlgorithms, Jwk, JwtOptions, KeycloakOptions, LastLoginMethodOptions, LineOptions, LoginResult, MagicLinkOptions, Member, MemberInput, MicrosoftEntraIdOptions, MultiSessionConfig, OAuthAccessToken, OAuthProxyOptions, OIDCMetadata, OIDCOptions, OTPOptions, OktaOptions, OneTapOptions, OneTimeTokenOptions, OpenAPIModelSchema, OpenAPIOptions, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, Path, PatreonOptions, PhoneNumberOptions, Provider, Role, SIWEPluginOptions, SessionWithImpersonatedBy, SlackOptions, Statements, SubArray, Subset, TOTPOptions, TWO_FACTOR_ERROR_CODES, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, TestCookie, TestHelpers, TestUtilsOptions, TimeString, TokenBody, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, USERNAME_ERROR_CODES, UserWithAnonymous, UserWithPhoneNumber, UserWithRole, UserWithTwoFactor, UsernameOptions, admin, anonymous, auth0, backupCode2fa, bearer, captcha, createAccessControl, createJwk, customSession, defaultRolesSchema, deviceAuthorization, deviceAuthorizationOptionsSchema, emailOTP, generateBackupCodes, generateExportedKeyPair, generator, genericOAuth, getBackupCodes, getClient, getJwtToken, getMCPProtectedResourceMetadata, getMCPProviderMetadata, getMetadata, getOrgAdapter, gumroad, hasPermission, haveIBeenPwned, hubspot, invitationSchema, invitationStatus, jwt, keycloak, lastLoginMethod, line, magicLink, mcp, memberSchema, microsoftEntraId, ms, multiSession, oAuthDiscoveryMetadata, oAuthProtectedResourceMetadata, oAuthProxy, oidcProvider, okta, oneTap, oneTimeToken, openAPI, organization, organizationRoleSchema, organizationSchema, otp2fa, parseRoles, patreon, phoneNumber, role, roleSchema, sec, signJWT, siwe, slack, teamMemberSchema, teamSchema, testUtils, toExpJWT, totp2fa, twoFactor, twoFactorClient, username, verifyBackupCode, verifyJWT, withMcpAuth };
68
+ export { AccessControl, AdminOptions, AnonymousOptions, AnonymousSession, ArrayElement, Auth0Options, AuthorizationQuery, AuthorizeResponse, BackupCodeOptions, BaseCaptchaOptions, BaseOAuthProviderOptions, BearerOptions, CaptchaFoxOptions, CaptchaOptions, Client, CloudflareTurnstileOptions, CodeVerificationValue, CustomSessionPluginOptions, DefaultOrganizationPlugin, DeviceAuthorizationOptions, DynamicAccessControlEndpoints, MULTI_SESSION_ERROR_CODES as ERROR_CODES, EmailOTPOptions, FieldSchema, GenericOAuthConfig, GenericOAuthOptions, GoogleRecaptchaOptions, GumroadOptions, HCaptchaOptions, HIDE_METADATA, HaveIBeenPwnedOptions, HubSpotOptions, InferAdminRolesFromOption, InferInvitation, InferMember, InferOptionSchema, InferOrganization, InferOrganizationRolesFromOption, InferOrganizationZodRolesFromOption, InferPluginContext, InferPluginErrorCodes, InferPluginIDs, InferTeam, Invitation, InvitationInput, InvitationStatus, JWKOptions, JWSAlgorithms, Jwk, JwtOptions, KeycloakOptions, LastLoginMethodOptions, LineOptions, LoginResult, MagicLinkOptions, Member, MemberInput, MicrosoftEntraIdOptions, MultiSessionConfig, OAuthAccessToken, OAuthProxyOptions, OIDCMetadata, OIDCOptions, OTPOptions, OktaOptions, OneTapOptions, OneTimeTokenOptions, OpenAPIModelSchema, OpenAPIOptions, Organization, OrganizationCreator, OrganizationEndpoints, OrganizationInput, OrganizationOptions, OrganizationPlugin, OrganizationRole, OrganizationSchema, Path, PatreonOptions, PhoneNumberOptions, Provider, Role, SIWEPluginOptions, SessionWithImpersonatedBy, SlackOptions, Statements, SubArray, Subset, TOTPOptions, TWO_FACTOR_ERROR_CODES, Team, TeamEndpoints, TeamInput, TeamMember, TeamMemberInput, TestCookie, TestHelpers, TestUtilsOptions, TimeString, TokenBody, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, USERNAME_ERROR_CODES, UserWithAnonymous, UserWithPhoneNumber, UserWithRole, UserWithTwoFactor, UsernameOptions, admin, anonymous, auth0, backupCode2fa, bearer, captcha, createAccessControl, createJwk, customSession, defaultRolesSchema, deviceAuthorization, deviceAuthorizationOptionsSchema, emailOTP, generateBackupCodes, generateExportedKeyPair, generator, genericOAuth, getBackupCodes, getClient, getJwtToken, getMCPProtectedResourceMetadata, getMCPProviderMetadata, getMetadata, getOrgAdapter, gumroad, hasPermission, haveIBeenPwned, hubspot, invitationSchema, invitationStatus, jwt, keycloak, lastLoginMethod, line, magicLink, mcp, memberSchema, microsoftEntraId, ms, multiSession, oAuthDiscoveryMetadata, oAuthProtectedResourceMetadata, oAuthProxy, oidcProvider, okta, oneTap, oneTimeToken, openAPI, organization, organizationRoleSchema, organizationSchema, otp2fa, parseRoles, patreon, phoneNumber, role, roleSchema, sec, signJWT, siwe, slack, teamMemberSchema, teamSchema, testUtils, toExpJWT, totp2fa, twoFactor, twoFactorClient, username, verifyBackupCode, verifyJWT, withMcpAuth };
@@ -2,7 +2,7 @@ import { FieldAttributeToObject, RemoveFieldsWithReturnedFalse } from "../../db/
2
2
  import { Prettify } from "../../types/helper.mjs";
3
3
  import { BetterAuthOptions as BetterAuthOptions$1 } from "../../types/index.mjs";
4
4
  import { AuthQueryAtom } from "../../client/query.mjs";
5
- import { AccessControl, Role, Statements } from "../access/types.mjs";
5
+ import { AccessControl, ArrayElement, Role, Statements } from "../access/types.mjs";
6
6
  import "../access/index.mjs";
7
7
  import "../../db/index.mjs";
8
8
  import { OrganizationOptions } from "./types.mjs";
@@ -143,13 +143,13 @@ declare const organizationClient: <CO extends OrganizationClientOptions>(options
143
143
  readonly invitation: readonly ["create", "cancel"];
144
144
  readonly team: readonly ["create", "update", "delete"];
145
145
  readonly ac: readonly ["create", "read", "update", "delete"];
146
- })[key] extends readonly unknown[] ? (CO["ac"] extends AccessControl<infer S extends Statements> ? S : {
146
+ })[key] extends readonly unknown[] ? ArrayElement<(CO["ac"] extends AccessControl<infer S extends Statements> ? S : {
147
147
  readonly organization: readonly ["update", "delete"];
148
148
  readonly member: readonly ["create", "update", "delete"];
149
149
  readonly invitation: readonly ["create", "cancel"];
150
150
  readonly team: readonly ["create", "update", "delete"];
151
151
  readonly ac: readonly ["create", "read", "update", "delete"];
152
- })[key][number] : never)[] | undefined };
152
+ })[key]> : never)[] | undefined };
153
153
  } & {
154
154
  role: R;
155
155
  }) => boolean;
@@ -1 +1 @@
1
- {"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/organization/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { DBFieldAttribute } from \"@better-auth/core/db\";\nimport { atom } from \"nanostores\";\nimport { useAuthQuery } from \"../../client\";\nimport type {\n\tInferInvitation,\n\tInferMember,\n\tInferOrganization,\n\tInferTeam,\n\tMember,\n} from \"../../plugins/organization/schema\";\nimport type { BetterAuthOptions, BetterAuthPlugin } from \"../../types\";\nimport type { Prettify } from \"../../types/helper\";\nimport type { AccessControl, Role } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { adminAc, defaultRoles, memberAc, ownerAc } from \"./access\";\nimport { ORGANIZATION_ERROR_CODES } from \"./error-codes\";\nimport type { OrganizationPlugin } from \"./organization\";\nimport type { HasPermissionBaseInput } from \"./permission\";\nimport { hasPermissionFn } from \"./permission\";\nimport type { OrganizationOptions } from \"./types\";\n\nexport * from \"./error-codes\";\n\n/**\n * Using the same `hasPermissionFn` function, but without the need for a `ctx` parameter or the `organizationId` parameter.\n */\nexport const clientSideHasPermission = (input: HasPermissionBaseInput) => {\n\tconst acRoles: {\n\t\t[x: string]: Role<any> | undefined;\n\t} = input.options.roles || defaultRoles;\n\n\treturn hasPermissionFn(input, acRoles);\n};\n\ninterface OrganizationClientOptions {\n\tac?: AccessControl | undefined;\n\troles?:\n\t\t| {\n\t\t\t\t[key in string]: Role;\n\t\t }\n\t\t| undefined;\n\tteams?:\n\t\t| {\n\t\t\t\tenabled: boolean;\n\t\t }\n\t\t| undefined;\n\tschema?:\n\t\t| {\n\t\t\t\torganization?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tmember?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tinvitation?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tteam?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\torganizationRole?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t }\n\t\t| undefined;\n\tdynamicAccessControl?:\n\t\t| {\n\t\t\t\tenabled: boolean;\n\t\t }\n\t\t| undefined;\n}\n\nexport const organizationClient = <CO extends OrganizationClientOptions>(\n\toptions?: CO | undefined,\n) => {\n\tconst $listOrg = atom<boolean>(false);\n\tconst $activeOrgSignal = atom<boolean>(false);\n\tconst $activeMemberSignal = atom<boolean>(false);\n\tconst $activeMemberRoleSignal = atom<boolean>(false);\n\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tCO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key][number]\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\tconst roles = {\n\t\tadmin: adminAc,\n\t\tmember: memberAc,\n\t\towner: ownerAc,\n\t\t...options?.roles,\n\t};\n\n\ttype OrganizationReturn = CO[\"teams\"] extends { enabled: true }\n\t\t? {\n\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t\tteams: InferTeam<CO>[];\n\t\t\t} & InferOrganization<CO>\n\t\t: {\n\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t} & InferOrganization<CO>;\n\n\ttype Schema = CO[\"schema\"];\n\treturn {\n\t\tid: \"organization\",\n\t\t$InferServerPlugin: {} as OrganizationPlugin<{\n\t\t\tac: CO[\"ac\"] extends AccessControl\n\t\t\t\t? CO[\"ac\"]\n\t\t\t\t: AccessControl<DefaultStatements>;\n\t\t\troles: CO[\"roles\"] extends Record<string, Role>\n\t\t\t\t? CO[\"roles\"]\n\t\t\t\t: {\n\t\t\t\t\t\tadmin: Role;\n\t\t\t\t\t\tmember: Role;\n\t\t\t\t\t\towner: Role;\n\t\t\t\t\t};\n\t\t\tteams: {\n\t\t\t\tenabled: CO[\"teams\"] extends { enabled: true } ? true : false;\n\t\t\t};\n\t\t\tschema: Schema;\n\t\t\tdynamicAccessControl: {\n\t\t\t\tenabled: CO[\"dynamicAccessControl\"] extends { enabled: true }\n\t\t\t\t\t? true\n\t\t\t\t\t: false;\n\t\t\t};\n\t\t}>,\n\t\tgetActions: ($fetch, _$store, co) => ({\n\t\t\t$Infer: {\n\t\t\t\tActiveOrganization: {} as OrganizationReturn,\n\t\t\t\tOrganization: {} as InferOrganization<CO>,\n\t\t\t\tInvitation: {} as InferInvitation<CO>,\n\t\t\t\tMember: {} as InferMember<CO>,\n\t\t\t\tTeam: {} as InferTeam<CO>,\n\t\t\t},\n\t\t\torganization: {\n\t\t\t\tcheckRolePermission: <\n\t\t\t\t\tR extends CO extends { roles: any }\n\t\t\t\t\t\t? keyof CO[\"roles\"]\n\t\t\t\t\t\t: \"admin\" | \"member\" | \"owner\",\n\t\t\t\t>(\n\t\t\t\t\tdata: PermissionExclusive & {\n\t\t\t\t\t\trole: R;\n\t\t\t\t\t},\n\t\t\t\t) => {\n\t\t\t\t\tconst isAuthorized = clientSideHasPermission({\n\t\t\t\t\t\trole: data.role as string,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tac: options?.ac,\n\t\t\t\t\t\t\troles: roles,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermissions: data.permissions as any,\n\t\t\t\t\t});\n\t\t\t\t\treturn isAuthorized;\n\t\t\t\t},\n\t\t\t},\n\t\t}),\n\t\tgetAtoms: ($fetch) => {\n\t\t\tconst listOrganizations = useAuthQuery<InferOrganization<CO>[]>(\n\t\t\t\t$listOrg,\n\t\t\t\t\"/organization/list\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\t\t\tconst activeOrganization = useAuthQuery<\n\t\t\t\tPrettify<\n\t\t\t\t\tInferOrganization<CO> & {\n\t\t\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t\t\t}\n\t\t\t\t>\n\t\t\t>(\n\t\t\t\t[$activeOrgSignal],\n\t\t\t\t\"/organization/get-full-organization\",\n\t\t\t\t$fetch,\n\t\t\t\t() => ({\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t}),\n\t\t\t);\n\n\t\t\tconst activeMember = useAuthQuery<Member>(\n\t\t\t\t[$activeOrgSignal, $activeMemberSignal],\n\t\t\t\t\"/organization/get-active-member\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tconst activeMemberRole = useAuthQuery<{ role: string }>(\n\t\t\t\t[$activeOrgSignal, $activeMemberRoleSignal],\n\t\t\t\t\"/organization/get-active-member-role\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\treturn {\n\t\t\t\t$listOrg,\n\t\t\t\t$activeOrgSignal,\n\t\t\t\t$activeMemberSignal,\n\t\t\t\t$activeMemberRoleSignal,\n\t\t\t\tactiveOrganization,\n\t\t\t\tlistOrganizations,\n\t\t\t\tactiveMember,\n\t\t\t\tactiveMemberRole,\n\t\t\t};\n\t\t},\n\t\tpathMethods: {\n\t\t\t\"/organization/get-full-organization\": \"GET\",\n\t\t\t\"/organization/list-user-teams\": \"GET\",\n\t\t},\n\t\tatomListeners: [\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath === \"/organization/create\" ||\n\t\t\t\t\t\tpath === \"/organization/delete\" ||\n\t\t\t\t\t\tpath === \"/organization/update\"\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$listOrg\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn path.startsWith(\"/organization\");\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeOrgSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\") ||\n\t\t\t\t\t\tpath === \"/organization/create\" ||\n\t\t\t\t\t\tpath === \"/organization/delete\" ||\n\t\t\t\t\t\tpath === \"/organization/remove-member\" ||\n\t\t\t\t\t\tpath === \"/organization/leave\" ||\n\t\t\t\t\t\tpath === \"/organization/accept-invitation\"\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$sessionSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.includes(\"/organization/update-member-role\") ||\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\")\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeMemberSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.includes(\"/organization/update-member-role\") ||\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\")\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeMemberRoleSignal\",\n\t\t\t},\n\t\t],\n\t\t$ERROR_CODES: ORGANIZATION_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport const inferOrgAdditionalFields = <\n\tO extends {\n\t\toptions: BetterAuthOptions;\n\t},\n\tS extends OrganizationOptions[\"schema\"] = undefined,\n>(\n\tschema?: S | undefined,\n) => {\n\ttype FindById<\n\t\tT extends readonly BetterAuthPlugin[],\n\t\tTargetId extends string,\n\t> = Extract<T[number], { id: TargetId }>;\n\n\ttype Auth = O extends { options: any } ? O : { options: { plugins: [] } };\n\n\ttype OrganizationPlugin = FindById<\n\t\t// @ts-expect-error\n\t\tAuth[\"options\"][\"plugins\"],\n\t\t\"organization\"\n\t>;\n\n\t// The server schema can contain more properties other than additionalFields, but the client only supports additionalFields\n\t// if we don't remove all other properties we may see assignability issues\n\n\ttype ExtractClientOnlyFields<T> = {\n\t\t[K in keyof T]: T[K] extends { additionalFields: infer _AF }\n\t\t\t? T[K]\n\t\t\t: undefined;\n\t};\n\n\ttype Schema = O extends Object\n\t\t? O extends Exclude<OrganizationOptions[\"schema\"], undefined>\n\t\t\t? O\n\t\t\t: OrganizationPlugin extends { options: { schema: infer S } }\n\t\t\t\t? S extends OrganizationOptions[\"schema\"]\n\t\t\t\t\t? ExtractClientOnlyFields<S>\n\t\t\t\t\t: undefined\n\t\t\t\t: undefined\n\t\t: undefined;\n\treturn {} as undefined extends S ? Schema : S;\n};\n\nexport type * from \"./schema\";\n"],"mappings":";;;;;;;;;;;;AA2BA,MAAa,2BAA2B,UAAkC;AAKzE,QAAO,gBAAgB,OAFnB,MAAM,QAAQ,SAAS,aAEW;;AAmDvC,MAAa,sBACZ,YACI;CACJ,MAAM,WAAW,KAAc,MAAM;CACrC,MAAM,mBAAmB,KAAc,MAAM;CAC7C,MAAM,sBAAsB,KAAc,MAAM;CAChD,MAAM,0BAA0B,KAAc,MAAM;CAgBpD,MAAM,QAAQ;EACb,OAAO;EACP,QAAQ;EACR,OAAO;EACP,GAAG,SAAS;EACZ;AAcD,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAqBtB,aAAa,QAAQ,SAAS,QAAQ;GACrC,QAAQ;IACP,oBAAoB,EAAE;IACtB,cAAc,EAAE;IAChB,YAAY,EAAE;IACd,QAAQ,EAAE;IACV,MAAM,EAAE;IACR;GACD,cAAc,EACb,sBAKC,SAGI;AASJ,WARqB,wBAAwB;KAC5C,MAAM,KAAK;KACX,SAAS;MACR,IAAI,SAAS;MACN;MACP;KACD,aAAa,KAAK;KAClB,CAAC;MAGH;GACD;EACD,WAAW,WAAW;GACrB,MAAM,oBAAoB,aACzB,UACA,sBACA,QACA,EACC,QAAQ,OACR,CACD;AAmCD,UAAO;IACN;IACA;IACA;IACA;IACA,oBAvC0B,aAQ1B,CAAC,iBAAiB,EAClB,uCACA,eACO,EACN,QAAQ,OACR,EACD;IA0BA;IACA,cAzBoB,aACpB,CAAC,kBAAkB,oBAAoB,EACvC,mCACA,QACA,EACC,QAAQ,OACR,CACD;IAmBA,kBAjBwB,aACxB,CAAC,kBAAkB,wBAAwB,EAC3C,wCACA,QACA,EACC,QAAQ,OACR,CACD;IAWA;;EAEF,aAAa;GACZ,uCAAuC;GACvC,iCAAiC;GACjC;EACD,eAAe;GACd;IACC,QAAQ,MAAM;AACb,YACC,SAAS,0BACT,SAAS,0BACT,SAAS;;IAGX,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YAAO,KAAK,WAAW,gBAAgB;;IAExC,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,WAAW,2BAA2B,IAC3C,SAAS,0BACT,SAAS,0BACT,SAAS,iCACT,SAAS,yBACT,SAAS;;IAGX,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,SAAS,mCAAmC,IACjD,KAAK,WAAW,2BAA2B;;IAG7C,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,SAAS,mCAAmC,IACjD,KAAK,WAAW,2BAA2B;;IAG7C,QAAQ;IACR;GACD;EACD,cAAc;EACd;;AAGF,MAAa,4BAMZ,WACI;AAgCJ,QAAO,EAAE"}
1
+ {"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/organization/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { DBFieldAttribute } from \"@better-auth/core/db\";\nimport { atom } from \"nanostores\";\nimport { useAuthQuery } from \"../../client\";\nimport type {\n\tInferInvitation,\n\tInferMember,\n\tInferOrganization,\n\tInferTeam,\n\tMember,\n} from \"../../plugins/organization/schema\";\nimport type { BetterAuthOptions, BetterAuthPlugin } from \"../../types\";\nimport type { Prettify } from \"../../types/helper\";\nimport type { AccessControl, ArrayElement, Role } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { adminAc, defaultRoles, memberAc, ownerAc } from \"./access\";\nimport { ORGANIZATION_ERROR_CODES } from \"./error-codes\";\nimport type { OrganizationPlugin } from \"./organization\";\nimport type { HasPermissionBaseInput } from \"./permission\";\nimport { hasPermissionFn } from \"./permission\";\nimport type { OrganizationOptions } from \"./types\";\n\nexport * from \"./error-codes\";\n\n/**\n * Using the same `hasPermissionFn` function, but without the need for a `ctx` parameter or the `organizationId` parameter.\n */\nexport const clientSideHasPermission = (input: HasPermissionBaseInput) => {\n\tconst acRoles: {\n\t\t[x: string]: Role<any> | undefined;\n\t} = input.options.roles || defaultRoles;\n\n\treturn hasPermissionFn(input, acRoles);\n};\n\ninterface OrganizationClientOptions {\n\tac?: AccessControl | undefined;\n\troles?:\n\t\t| {\n\t\t\t\t[key in string]: Role;\n\t\t }\n\t\t| undefined;\n\tteams?:\n\t\t| {\n\t\t\t\tenabled: boolean;\n\t\t }\n\t\t| undefined;\n\tschema?:\n\t\t| {\n\t\t\t\torganization?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tmember?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tinvitation?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\tteam?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t\torganizationRole?: {\n\t\t\t\t\tadditionalFields?: {\n\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t }\n\t\t| undefined;\n\tdynamicAccessControl?:\n\t\t| {\n\t\t\t\tenabled: boolean;\n\t\t }\n\t\t| undefined;\n}\n\nexport const organizationClient = <CO extends OrganizationClientOptions>(\n\toptions?: CO | undefined,\n) => {\n\tconst $listOrg = atom<boolean>(false);\n\tconst $activeOrgSignal = atom<boolean>(false);\n\tconst $activeMemberSignal = atom<boolean>(false);\n\tconst $activeMemberRoleSignal = atom<boolean>(false);\n\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tCO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? ArrayElement<Statements[key]>\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\tconst roles = {\n\t\tadmin: adminAc,\n\t\tmember: memberAc,\n\t\towner: ownerAc,\n\t\t...options?.roles,\n\t};\n\n\ttype OrganizationReturn = CO[\"teams\"] extends { enabled: true }\n\t\t? {\n\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t\tteams: InferTeam<CO>[];\n\t\t\t} & InferOrganization<CO>\n\t\t: {\n\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t} & InferOrganization<CO>;\n\n\ttype Schema = CO[\"schema\"];\n\treturn {\n\t\tid: \"organization\",\n\t\t$InferServerPlugin: {} as OrganizationPlugin<{\n\t\t\tac: CO[\"ac\"] extends AccessControl\n\t\t\t\t? CO[\"ac\"]\n\t\t\t\t: AccessControl<DefaultStatements>;\n\t\t\troles: CO[\"roles\"] extends Record<string, Role>\n\t\t\t\t? CO[\"roles\"]\n\t\t\t\t: {\n\t\t\t\t\t\tadmin: Role;\n\t\t\t\t\t\tmember: Role;\n\t\t\t\t\t\towner: Role;\n\t\t\t\t\t};\n\t\t\tteams: {\n\t\t\t\tenabled: CO[\"teams\"] extends { enabled: true } ? true : false;\n\t\t\t};\n\t\t\tschema: Schema;\n\t\t\tdynamicAccessControl: {\n\t\t\t\tenabled: CO[\"dynamicAccessControl\"] extends { enabled: true }\n\t\t\t\t\t? true\n\t\t\t\t\t: false;\n\t\t\t};\n\t\t}>,\n\t\tgetActions: ($fetch, _$store, co) => ({\n\t\t\t$Infer: {\n\t\t\t\tActiveOrganization: {} as OrganizationReturn,\n\t\t\t\tOrganization: {} as InferOrganization<CO>,\n\t\t\t\tInvitation: {} as InferInvitation<CO>,\n\t\t\t\tMember: {} as InferMember<CO>,\n\t\t\t\tTeam: {} as InferTeam<CO>,\n\t\t\t},\n\t\t\torganization: {\n\t\t\t\tcheckRolePermission: <\n\t\t\t\t\tR extends CO extends { roles: any }\n\t\t\t\t\t\t? keyof CO[\"roles\"]\n\t\t\t\t\t\t: \"admin\" | \"member\" | \"owner\",\n\t\t\t\t>(\n\t\t\t\t\tdata: PermissionExclusive & {\n\t\t\t\t\t\trole: R;\n\t\t\t\t\t},\n\t\t\t\t) => {\n\t\t\t\t\tconst isAuthorized = clientSideHasPermission({\n\t\t\t\t\t\trole: data.role as string,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tac: options?.ac,\n\t\t\t\t\t\t\troles: roles,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermissions: data.permissions as any,\n\t\t\t\t\t});\n\t\t\t\t\treturn isAuthorized;\n\t\t\t\t},\n\t\t\t},\n\t\t}),\n\t\tgetAtoms: ($fetch) => {\n\t\t\tconst listOrganizations = useAuthQuery<InferOrganization<CO>[]>(\n\t\t\t\t$listOrg,\n\t\t\t\t\"/organization/list\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\t\t\tconst activeOrganization = useAuthQuery<\n\t\t\t\tPrettify<\n\t\t\t\t\tInferOrganization<CO> & {\n\t\t\t\t\t\tmembers: InferMember<CO>[];\n\t\t\t\t\t\tinvitations: InferInvitation<CO>[];\n\t\t\t\t\t}\n\t\t\t\t>\n\t\t\t>(\n\t\t\t\t[$activeOrgSignal],\n\t\t\t\t\"/organization/get-full-organization\",\n\t\t\t\t$fetch,\n\t\t\t\t() => ({\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t}),\n\t\t\t);\n\n\t\t\tconst activeMember = useAuthQuery<Member>(\n\t\t\t\t[$activeOrgSignal, $activeMemberSignal],\n\t\t\t\t\"/organization/get-active-member\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tconst activeMemberRole = useAuthQuery<{ role: string }>(\n\t\t\t\t[$activeOrgSignal, $activeMemberRoleSignal],\n\t\t\t\t\"/organization/get-active-member-role\",\n\t\t\t\t$fetch,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\treturn {\n\t\t\t\t$listOrg,\n\t\t\t\t$activeOrgSignal,\n\t\t\t\t$activeMemberSignal,\n\t\t\t\t$activeMemberRoleSignal,\n\t\t\t\tactiveOrganization,\n\t\t\t\tlistOrganizations,\n\t\t\t\tactiveMember,\n\t\t\t\tactiveMemberRole,\n\t\t\t};\n\t\t},\n\t\tpathMethods: {\n\t\t\t\"/organization/get-full-organization\": \"GET\",\n\t\t\t\"/organization/list-user-teams\": \"GET\",\n\t\t},\n\t\tatomListeners: [\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath === \"/organization/create\" ||\n\t\t\t\t\t\tpath === \"/organization/delete\" ||\n\t\t\t\t\t\tpath === \"/organization/update\"\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$listOrg\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn path.startsWith(\"/organization\");\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeOrgSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\") ||\n\t\t\t\t\t\tpath === \"/organization/create\" ||\n\t\t\t\t\t\tpath === \"/organization/delete\" ||\n\t\t\t\t\t\tpath === \"/organization/remove-member\" ||\n\t\t\t\t\t\tpath === \"/organization/leave\" ||\n\t\t\t\t\t\tpath === \"/organization/accept-invitation\"\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$sessionSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.includes(\"/organization/update-member-role\") ||\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\")\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeMemberSignal\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tmatcher(path) {\n\t\t\t\t\treturn (\n\t\t\t\t\t\tpath.includes(\"/organization/update-member-role\") ||\n\t\t\t\t\t\tpath.startsWith(\"/organization/set-active\")\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsignal: \"$activeMemberRoleSignal\",\n\t\t\t},\n\t\t],\n\t\t$ERROR_CODES: ORGANIZATION_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport const inferOrgAdditionalFields = <\n\tO extends {\n\t\toptions: BetterAuthOptions;\n\t},\n\tS extends OrganizationOptions[\"schema\"] = undefined,\n>(\n\tschema?: S | undefined,\n) => {\n\ttype FindById<\n\t\tT extends readonly BetterAuthPlugin[],\n\t\tTargetId extends string,\n\t> = Extract<T[number], { id: TargetId }>;\n\n\ttype Auth = O extends { options: any } ? O : { options: { plugins: [] } };\n\n\ttype OrganizationPlugin = FindById<\n\t\t// @ts-expect-error\n\t\tAuth[\"options\"][\"plugins\"],\n\t\t\"organization\"\n\t>;\n\n\t// The server schema can contain more properties other than additionalFields, but the client only supports additionalFields\n\t// if we don't remove all other properties we may see assignability issues\n\n\ttype ExtractClientOnlyFields<T> = {\n\t\t[K in keyof T]: T[K] extends { additionalFields: infer _AF }\n\t\t\t? T[K]\n\t\t\t: undefined;\n\t};\n\n\ttype Schema = O extends Object\n\t\t? O extends Exclude<OrganizationOptions[\"schema\"], undefined>\n\t\t\t? O\n\t\t\t: OrganizationPlugin extends { options: { schema: infer S } }\n\t\t\t\t? S extends OrganizationOptions[\"schema\"]\n\t\t\t\t\t? ExtractClientOnlyFields<S>\n\t\t\t\t\t: undefined\n\t\t\t\t: undefined\n\t\t: undefined;\n\treturn {} as undefined extends S ? Schema : S;\n};\n\nexport type * from \"./schema\";\n"],"mappings":";;;;;;;;;;;;AA2BA,MAAa,2BAA2B,UAAkC;AAKzE,QAAO,gBAAgB,OAFnB,MAAM,QAAQ,SAAS,aAEW;;AAmDvC,MAAa,sBACZ,YACI;CACJ,MAAM,WAAW,KAAc,MAAM;CACrC,MAAM,mBAAmB,KAAc,MAAM;CAC7C,MAAM,sBAAsB,KAAc,MAAM;CAChD,MAAM,0BAA0B,KAAc,MAAM;CAgBpD,MAAM,QAAQ;EACb,OAAO;EACP,QAAQ;EACR,OAAO;EACP,GAAG,SAAS;EACZ;AAcD,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAqBtB,aAAa,QAAQ,SAAS,QAAQ;GACrC,QAAQ;IACP,oBAAoB,EAAE;IACtB,cAAc,EAAE;IAChB,YAAY,EAAE;IACd,QAAQ,EAAE;IACV,MAAM,EAAE;IACR;GACD,cAAc,EACb,sBAKC,SAGI;AASJ,WARqB,wBAAwB;KAC5C,MAAM,KAAK;KACX,SAAS;MACR,IAAI,SAAS;MACN;MACP;KACD,aAAa,KAAK;KAClB,CAAC;MAGH;GACD;EACD,WAAW,WAAW;GACrB,MAAM,oBAAoB,aACzB,UACA,sBACA,QACA,EACC,QAAQ,OACR,CACD;AAmCD,UAAO;IACN;IACA;IACA;IACA;IACA,oBAvC0B,aAQ1B,CAAC,iBAAiB,EAClB,uCACA,eACO,EACN,QAAQ,OACR,EACD;IA0BA;IACA,cAzBoB,aACpB,CAAC,kBAAkB,oBAAoB,EACvC,mCACA,QACA,EACC,QAAQ,OACR,CACD;IAmBA,kBAjBwB,aACxB,CAAC,kBAAkB,wBAAwB,EAC3C,wCACA,QACA,EACC,QAAQ,OACR,CACD;IAWA;;EAEF,aAAa;GACZ,uCAAuC;GACvC,iCAAiC;GACjC;EACD,eAAe;GACd;IACC,QAAQ,MAAM;AACb,YACC,SAAS,0BACT,SAAS,0BACT,SAAS;;IAGX,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YAAO,KAAK,WAAW,gBAAgB;;IAExC,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,WAAW,2BAA2B,IAC3C,SAAS,0BACT,SAAS,0BACT,SAAS,iCACT,SAAS,yBACT,SAAS;;IAGX,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,SAAS,mCAAmC,IACjD,KAAK,WAAW,2BAA2B;;IAG7C,QAAQ;IACR;GACD;IACC,QAAQ,MAAM;AACb,YACC,KAAK,SAAS,mCAAmC,IACjD,KAAK,WAAW,2BAA2B;;IAG7C,QAAQ;IACR;GACD;EACD,cAAc;EACd;;AAGF,MAAa,4BAMZ,WACI;AAgCJ,QAAO,EAAE"}
@@ -1,4 +1,4 @@
1
- import { AccessControl, Statements } from "../access/types.mjs";
1
+ import { AccessControl, ArrayElement, Statements } from "../access/types.mjs";
2
2
  import "../access/index.mjs";
3
3
  import { OrganizationOptions } from "./types.mjs";
4
4
  import { InferInvitation, InferMember, InferOrganization, InferTeam, OrganizationSchema, Team, TeamMember } from "./schema.mjs";
@@ -172,13 +172,13 @@ declare const createHasPermission: <O extends OrganizationOptions>(options: O) =
172
172
  readonly invitation: readonly ["create", "cancel"];
173
173
  readonly team: readonly ["create", "update", "delete"];
174
174
  readonly ac: readonly ["create", "read", "update", "delete"];
175
- })[key] extends readonly unknown[] ? (O["ac"] extends AccessControl<infer S extends Statements> ? S : {
175
+ })[key] extends readonly unknown[] ? ArrayElement<(O["ac"] extends AccessControl<infer S extends Statements> ? S : {
176
176
  readonly organization: readonly ["update", "delete"];
177
177
  readonly member: readonly ["create", "update", "delete"];
178
178
  readonly invitation: readonly ["create", "cancel"];
179
179
  readonly team: readonly ["create", "update", "delete"];
180
180
  readonly ac: readonly ["create", "read", "update", "delete"];
181
- })[key][number] : never)[] | undefined };
181
+ })[key]> : never)[] | undefined };
182
182
  } & {
183
183
  organizationId?: string | undefined;
184
184
  };