better-auth 1.5.4 → 1.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (117) hide show
  1. package/dist/adapters/index.d.mts +25 -1
  2. package/dist/adapters/index.mjs +9 -1
  3. package/dist/adapters/index.mjs.map +1 -0
  4. package/dist/api/index.d.mts +36 -10
  5. package/dist/api/index.mjs +19 -4
  6. package/dist/api/index.mjs.map +1 -1
  7. package/dist/api/middlewares/origin-check.mjs +17 -8
  8. package/dist/api/middlewares/origin-check.mjs.map +1 -1
  9. package/dist/api/routes/account.d.mts +1 -1
  10. package/dist/api/routes/email-verification.d.mts +0 -1
  11. package/dist/api/routes/password.d.mts +1 -0
  12. package/dist/api/routes/password.mjs +2 -1
  13. package/dist/api/routes/password.mjs.map +1 -1
  14. package/dist/api/routes/session.d.mts +0 -1
  15. package/dist/api/routes/sign-in.d.mts +16 -2
  16. package/dist/api/routes/sign-in.mjs +10 -2
  17. package/dist/api/routes/sign-in.mjs.map +1 -1
  18. package/dist/api/routes/sign-up.d.mts +0 -1
  19. package/dist/api/routes/sign-up.mjs +3 -2
  20. package/dist/api/routes/sign-up.mjs.map +1 -1
  21. package/dist/api/routes/update-session.d.mts +0 -1
  22. package/dist/api/routes/update-user.d.mts +0 -1
  23. package/dist/api/to-auth-endpoints.mjs +49 -12
  24. package/dist/api/to-auth-endpoints.mjs.map +1 -1
  25. package/dist/auth/full.d.mts +0 -1
  26. package/dist/auth/minimal.d.mts +0 -1
  27. package/dist/client/index.d.mts +3 -4
  28. package/dist/client/index.mjs.map +1 -1
  29. package/dist/client/path-to-object.d.mts +9 -2
  30. package/dist/client/query.mjs +3 -2
  31. package/dist/client/query.mjs.map +1 -1
  32. package/dist/client/session-refresh.d.mts +11 -3
  33. package/dist/client/session-refresh.mjs +13 -8
  34. package/dist/client/session-refresh.mjs.map +1 -1
  35. package/dist/client/types.d.mts +0 -1
  36. package/dist/context/create-context.mjs +4 -1
  37. package/dist/context/create-context.mjs.map +1 -1
  38. package/dist/context/helpers.mjs +10 -4
  39. package/dist/context/helpers.mjs.map +1 -1
  40. package/dist/cookies/index.d.mts +0 -1
  41. package/dist/cookies/session-store.d.mts +0 -2
  42. package/dist/db/get-migration.mjs +3 -2
  43. package/dist/db/get-migration.mjs.map +1 -1
  44. package/dist/db/index.d.mts +2 -2
  45. package/dist/db/internal-adapter.d.mts +2 -1
  46. package/dist/db/internal-adapter.mjs +1 -1
  47. package/dist/db/internal-adapter.mjs.map +1 -1
  48. package/dist/db/schema.d.mts +0 -1
  49. package/dist/db/with-hooks.d.mts +6 -2
  50. package/dist/db/with-hooks.mjs +72 -31
  51. package/dist/db/with-hooks.mjs.map +1 -1
  52. package/dist/index.d.mts +0 -2
  53. package/dist/integrations/node.d.mts +0 -1
  54. package/dist/oauth2/link-account.d.mts +0 -1
  55. package/dist/plugins/admin/access/statement.d.mts +0 -2
  56. package/dist/plugins/admin/admin.d.mts +0 -1
  57. package/dist/plugins/admin/client.d.mts +0 -2
  58. package/dist/plugins/admin/types.d.mts +0 -2
  59. package/dist/plugins/anonymous/types.d.mts +0 -1
  60. package/dist/plugins/email-otp/index.mjs +2 -1
  61. package/dist/plugins/email-otp/index.mjs.map +1 -1
  62. package/dist/plugins/email-otp/otp-token.mjs +31 -2
  63. package/dist/plugins/email-otp/otp-token.mjs.map +1 -1
  64. package/dist/plugins/email-otp/routes.mjs +60 -59
  65. package/dist/plugins/email-otp/routes.mjs.map +1 -1
  66. package/dist/plugins/email-otp/types.d.mts +12 -0
  67. package/dist/plugins/email-otp/utils.mjs +4 -1
  68. package/dist/plugins/email-otp/utils.mjs.map +1 -1
  69. package/dist/plugins/generic-oauth/client.d.mts +0 -1
  70. package/dist/plugins/generic-oauth/index.d.mts +0 -1
  71. package/dist/plugins/index.d.mts +0 -3
  72. package/dist/plugins/jwt/types.d.mts +0 -1
  73. package/dist/plugins/magic-link/index.d.mts +2 -0
  74. package/dist/plugins/magic-link/index.mjs +5 -3
  75. package/dist/plugins/magic-link/index.mjs.map +1 -1
  76. package/dist/plugins/mcp/index.d.mts +0 -1
  77. package/dist/plugins/oidc-provider/authorize.mjs +13 -4
  78. package/dist/plugins/oidc-provider/authorize.mjs.map +1 -1
  79. package/dist/plugins/oidc-provider/error.mjs +12 -2
  80. package/dist/plugins/oidc-provider/error.mjs.map +1 -1
  81. package/dist/plugins/oidc-provider/index.d.mts +0 -1
  82. package/dist/plugins/oidc-provider/types.d.mts +0 -1
  83. package/dist/plugins/one-time-token/index.d.mts +0 -1
  84. package/dist/plugins/organization/access/statement.d.mts +0 -2
  85. package/dist/plugins/organization/adapter.d.mts +0 -2
  86. package/dist/plugins/organization/adapter.mjs +2 -2
  87. package/dist/plugins/organization/adapter.mjs.map +1 -1
  88. package/dist/plugins/organization/client.d.mts +0 -5
  89. package/dist/plugins/organization/organization.d.mts +0 -2
  90. package/dist/plugins/organization/permission.d.mts +0 -1
  91. package/dist/plugins/organization/routes/crud-access-control.d.mts +0 -2
  92. package/dist/plugins/organization/routes/crud-invites.d.mts +0 -3
  93. package/dist/plugins/organization/routes/crud-invites.mjs +1 -1
  94. package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -1
  95. package/dist/plugins/organization/routes/crud-members.d.mts +0 -3
  96. package/dist/plugins/organization/routes/crud-members.mjs +1 -1
  97. package/dist/plugins/organization/routes/crud-members.mjs.map +1 -1
  98. package/dist/plugins/organization/routes/crud-org.d.mts +0 -3
  99. package/dist/plugins/organization/routes/crud-team.d.mts +2 -3
  100. package/dist/plugins/organization/routes/crud-team.mjs +18 -14
  101. package/dist/plugins/organization/routes/crud-team.mjs.map +1 -1
  102. package/dist/plugins/organization/schema.d.mts +0 -1
  103. package/dist/plugins/organization/types.d.mts +0 -2
  104. package/dist/plugins/phone-number/types.d.mts +0 -1
  105. package/dist/plugins/siwe/index.d.mts +0 -1
  106. package/dist/plugins/test-utils/types.d.mts +0 -2
  107. package/dist/plugins/two-factor/client.d.mts +7 -0
  108. package/dist/plugins/two-factor/client.mjs +5 -1
  109. package/dist/plugins/two-factor/client.mjs.map +1 -1
  110. package/dist/plugins/two-factor/index.mjs +7 -1
  111. package/dist/plugins/two-factor/index.mjs.map +1 -1
  112. package/dist/plugins/two-factor/otp/index.d.mts +2 -2
  113. package/dist/plugins/two-factor/otp/index.mjs.map +1 -1
  114. package/dist/plugins/two-factor/types.d.mts +7 -1
  115. package/dist/test-utils/test-instance.d.mts +108 -21
  116. package/dist/types/index.d.mts +0 -1
  117. package/package.json +13 -10
package/dist/api/routes/password.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"password.mjs","names":[],"sources":["../../../src/api/routes/password.ts"],"sourcesContent":["import type { AuthContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { generateId } from \"@better-auth/core/utils/id\";\nimport * as z from \"zod\";\nimport { getDate } from \"../../utils/date\";\nimport { validatePassword } from \"../../utils/password\";\nimport { originCheck } from \"../middlewares\";\nimport { sensitiveSessionMiddleware } from \"./session\";\n\nfunction redirectError(\n\tctx: AuthContext,\n\tcallbackURL: string | undefined,\n\tquery?: Record<string, string> | undefined,\n): string {\n\tconst url = callbackURL\n\t\t? new URL(callbackURL, ctx.baseURL)\n\t\t: new URL(`${ctx.baseURL}/error`);\n\tif (query)\n\t\tObject.entries(query).forEach(([k, v]) => url.searchParams.set(k, v));\n\treturn url.href;\n}\n\nfunction redirectCallback(\n\tctx: AuthContext,\n\tcallbackURL: string,\n\tquery?: Record<string, string> | undefined,\n): string {\n\tconst url = new URL(callbackURL, ctx.baseURL);\n\tif (query)\n\t\tObject.entries(query).forEach(([k, v]) => url.searchParams.set(k, v));\n\treturn url.href;\n}\n\nexport const requestPasswordReset = createAuthEndpoint(\n\t\"/request-password-reset\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * The email address of the user to send a password reset email to.\n\t\t\t */\n\t\t\temail: z.email().meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"The email address of the user to send a password reset email to\",\n\t\t\t}),\n\t\t\t/**\n\t\t\t * The URL to redirect the user to reset their password.\n\t\t\t * If the token isn't valid or expired, it'll be redirected with a query parameter `?\n\t\t\t * error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?\n\t\t\t * token=VALID_TOKEN\n\t\t\t */\n\t\t\tredirectTo: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"requestPasswordReset\",\n\t\t\t\tdescription: \"Send a password reset email to the user\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailAndPassword?.sendResetPassword) {\n\t\t\tctx.context.logger.error(\n\t\t\t\t\"Reset password isn't enabled.Please pass an emailAndPassword.sendResetPassword function in your auth config!\",\n\t\t\t);\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Reset password isn't enabled\",\n\t\t\t\tcode: \"RESET_PASSWORD_DISABLED\",\n\t\t\t});\n\t\t}\n\t\tconst { email, redirectTo } = ctx.body;\n\n\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email, {\n\t\t\tincludeAccounts: true,\n\t\t});\n\t\tif (!user) {\n\t\t\t/**\n\t\t\t * We simulate the verification token generation and the database lookup\n\t\t\t * to mitigate timing attacks.\n\t\t\t */\n\t\t\tgenerateId(24);\n\t\t\tawait ctx.context.internalAdapter.findVerificationValue(\n\t\t\t\t\"dummy-verification-token\",\n\t\t\t);\n\t\t\tctx.context.logger.error(\"Reset Password: User not found\", { email });\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t\tmessage:\n\t\t\t\t\t\"If this email exists in our system, check your email for the reset link\",\n\t\t\t});\n\t\t}\n\t\tconst defaultExpiresIn = 60 * 60 * 1;\n\t\tconst expiresAt = getDate(\n\t\t\tctx.context.options.emailAndPassword.resetPasswordTokenExpiresIn ||\n\t\t\t\tdefaultExpiresIn,\n\t\t\t\"sec\",\n\t\t);\n\t\tconst verificationToken = generateId(24);\n\t\tawait ctx.context.internalAdapter.createVerificationValue({\n\t\t\tvalue: user.user.id,\n\t\t\tidentifier: `reset-password:${verificationToken}`,\n\t\t\texpiresAt,\n\t\t});\n\t\tconst callbackURL = redirectTo ? encodeURIComponent(redirectTo) : \"\";\n\t\tconst url = `${ctx.context.baseURL}/reset-password/${verificationToken}?callbackURL=${callbackURL}`;\n\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\tctx.context.options.emailAndPassword.sendResetPassword(\n\t\t\t\t{\n\t\t\t\t\tuser: user.user,\n\t\t\t\t\turl,\n\t\t\t\t\ttoken: verificationToken,\n\t\t\t\t},\n\t\t\t\tctx.request,\n\t\t\t),\n\t\t);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t\tmessage:\n\t\t\t\t\"If this email exists in our system, check your email for the reset link\",\n\t\t});\n\t},\n);\n\nexport const requestPasswordResetCallback = createAuthEndpoint(\n\t\"/reset-password/:token\",\n\t{\n\t\tmethod: \"GET\",\n\t\toperationId: \"forgetPasswordCallback\",\n\t\tquery: z.object({\n\t\t\tcallbackURL: z.string().meta({\n\t\t\t\tdescription: \"The URL to redirect the user to reset their password\",\n\t\t\t}),\n\t\t}),\n\t\tuse: [originCheck((ctx) => ctx.query.callbackURL)],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"resetPasswordCallback\",\n\t\t\t\tdescription: \"Redirects the user to the callback URL with the token\",\n\t\t\t\tparameters: [\n\t\t\t\t\t{\n\t\t\t\t\t\tname: \"token\",\n\t\t\t\t\t\tin: \"path\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tdescription: \"The token to reset the password\",\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tname: \"callbackURL\",\n\t\t\t\t\t\tin: \"query\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tdescription: \"The URL to redirect the user to reset their password\",\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { token } = ctx.params;\n\t\tconst { callbackURL } = ctx.query;\n\t\tif (!token || !callbackURL) {\n\t\t\tthrow ctx.redirect(\n\t\t\t\tredirectError(ctx.context, callbackURL, { error: \"INVALID_TOKEN\" }),\n\t\t\t);\n\t\t}\n\t\tconst verification =\n\t\t\tawait ctx.context.internalAdapter.findVerificationValue(\n\t\t\t\t`reset-password:${token}`,\n\t\t\t);\n\t\tif (!verification || verification.expiresAt < new Date()) {\n\t\t\tthrow ctx.redirect(\n\t\t\t\tredirectError(ctx.context, callbackURL, { error: \"INVALID_TOKEN\" }),\n\t\t\t);\n\t\t}\n\n\t\tthrow ctx.redirect(redirectCallback(ctx.context, callbackURL, { token }));\n\t},\n);\n\nexport const resetPassword = createAuthEndpoint(\n\t\"/reset-password\",\n\t{\n\t\tmethod: \"POST\",\n\t\toperationId: \"resetPassword\",\n\t\tquery: z\n\t\t\t.object({\n\t\t\t\ttoken: z.string().optional(),\n\t\t\t})\n\t\t\t.optional(),\n\t\tbody: z.object({\n\t\t\tnewPassword: z.string().meta({\n\t\t\t\tdescription: \"The new password to set\",\n\t\t\t}),\n\t\t\ttoken: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The token to reset the password\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"resetPassword\",\n\t\t\t\tdescription: \"Reset the password for a user\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst token = ctx.body.token || ctx.query?.token;\n\t\tif (!token) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t}\n\n\t\tconst { newPassword } = ctx.body;\n\n\t\tconst minLength = ctx.context.password?.config.minPasswordLength;\n\t\tconst maxLength = ctx.context.password?.config.maxPasswordLength;\n\t\tif (newPassword.length < minLength) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);\n\t\t}\n\t\tif (newPassword.length > maxLength) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_LONG);\n\t\t}\n\n\t\tconst id = `reset-password:${token}`;\n\n\t\tconst verification =\n\t\t\tawait ctx.context.internalAdapter.findVerificationValue(id);\n\t\tif (!verification || verification.expiresAt < new Date()) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t}\n\t\tconst userId = verification.value;\n\t\tconst hashedPassword = await ctx.context.password.hash(newPassword);\n\t\tconst accounts = await ctx.context.internalAdapter.findAccounts(userId);\n\t\tconst account = accounts.find((ac) => ac.providerId === \"credential\");\n\t\tif (!account) {\n\t\t\tawait ctx.context.internalAdapter.createAccount({\n\t\t\t\tuserId,\n\t\t\t\tproviderId: \"credential\",\n\t\t\t\tpassword: hashedPassword,\n\t\t\t\taccountId: userId,\n\t\t\t});\n\t\t} else {\n\t\t\tawait ctx.context.internalAdapter.updatePassword(userId, hashedPassword);\n\t\t}\n\t\tawait ctx.context.internalAdapter.deleteVerificationByIdentifier(id);\n\n\t\tif (ctx.context.options.emailAndPassword?.onPasswordReset) {\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(userId);\n\t\t\tif (user) {\n\t\t\t\tawait ctx.context.options.emailAndPassword.onPasswordReset(\n\t\t\t\t\t{\n\t\t\t\t\t\tuser,\n\t\t\t\t\t},\n\t\t\t\t\tctx.request,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\t\tif (ctx.context.options.emailAndPassword?.revokeSessionsOnPasswordReset) {\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(userId);\n\t\t}\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const verifyPassword = createAuthEndpoint(\n\t\"/verify-password\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * The password to verify\n\t\t\t */\n\t\t\tpassword: z.string().meta({\n\t\t\t\tdescription: \"The password to verify\",\n\t\t\t}),\n\t\t}),\n\t\tmetadata: {\n\t\t\tscope: \"server\",\n\t\t\topenapi: {\n\t\t\t\toperationId: \"verifyPassword\",\n\t\t\t\tdescription: \"Verify the current user's password\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tuse: [sensitiveSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst { password } = ctx.body;\n\t\tconst session = ctx.context.session;\n\n\t\tconst isValid = await validatePassword(ctx, {\n\t\t\tpassword,\n\t\t\tuserId: session.user.id,\n\t\t});\n\n\t\tif (!isValid) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_PASSWORD);\n\t\t}\n\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n"],"mappings":";;;;;;;;;;;AAUA,SAAS,cACR,KACA,aACA,OACS;CACT,MAAM,MAAM,cACT,IAAI,IAAI,aAAa,IAAI,QAAQ,GACjC,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ;AAClC,KAAI,MACH,QAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;AACtE,QAAO,IAAI;;AAGZ,SAAS,iBACR,KACA,aACA,OACS;CACT,MAAM,MAAM,IAAI,IAAI,aAAa,IAAI,QAAQ;AAC7C,KAAI,MACH,QAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;AACtE,QAAO,IAAI;;AAGZ,MAAa,uBAAuB,mBACnC,2BACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EAId,OAAO,EAAE,OAAO,CAAC,KAAK,EACrB,aACC,mEACD,CAAC;EAOF,YAAY,EACV,QAAQ,CACR,KAAK,EACL,aACC,uPACD,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,QAAQ,EACP,MAAM,WACN;KACD,SAAS,EACR,MAAM,UACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AACd,KAAI,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,mBAAmB;AAC7D,MAAI,QAAQ,OAAO,MAClB,+GACA;AACD,QAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;;CAEH,MAAM,EAAE,OAAO,eAAe,IAAI;CAElC,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,OAAO,EACrE,iBAAiB,MACjB,CAAC;AACF,KAAI,CAAC,MAAM;;;;;AAKV,aAAW,GAAG;AACd,QAAM,IAAI,QAAQ,gBAAgB,sBACjC,2BACA;AACD,MAAI,QAAQ,OAAO,MAAM,kCAAkC,EAAE,OAAO,CAAC;AACrE,SAAO,IAAI,KAAK;GACf,QAAQ;GACR,SACC;GACD,CAAC;;CAGH,MAAM,YAAY,QACjB,IAAI,QAAQ,QAAQ,iBAAiB,+BAFb,OAAU,GAIlC,MACA;CACD,MAAM,oBAAoB,WAAW,GAAG;AACxC,OAAM,IAAI,QAAQ,gBAAgB,wBAAwB;EACzD,OAAO,KAAK,KAAK;EACjB,YAAY,kBAAkB;EAC9B;EACA,CAAC;CACF,MAAM,cAAc,aAAa,mBAAmB,WAAW,GAAG;CAClE,MAAM,MAAM,GAAG,IAAI,QAAQ,QAAQ,kBAAkB,kBAAkB,eAAe;AACtF,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,iBAAiB,kBACpC;EACC,MAAM,KAAK;EACX;EACA,OAAO;EACP,EACD,IAAI,QACJ,CACD;AACD,QAAO,IAAI,KAAK;EACf,QAAQ;EACR,SACC;EACD,CAAC;EAEH;AAED,MAAa,+BAA+B,mBAC3C,0BACA;CACC,QAAQ;CACR,aAAa;CACb,OAAO,EAAE,OAAO,EACf,aAAa,EAAE,QAAQ,CAAC,KAAK,EAC5B,aAAa,wDACb,CAAC,EACF,CAAC;CACF,KAAK,CAAC,aAAa,QAAQ,IAAI,MAAM,YAAY,CAAC;CAClD,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,YAAY,CACX;GACC,MAAM;GACN,IAAI;GACJ,UAAU;GACV,aAAa;GACb,QAAQ,EACP,MAAM,UACN;GACD,EACD;GACC,MAAM;GACN,IAAI;GACJ,UAAU;GACV,aAAa;GACb,QAAQ,EACP,MAAM,UACN;GACD,CACD;EACD,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,OAAO,EACN,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,UAAU,IAAI;CACtB,MAAM,EAAE,gBAAgB,IAAI;AAC5B,KAAI,CAAC,SAAS,CAAC,YACd,OAAM,IAAI,SACT,cAAc,IAAI,SAAS,aAAa,EAAE,OAAO,iBAAiB,CAAC,CACnE;CAEF,MAAM,eACL,MAAM,IAAI,QAAQ,gBAAgB,sBACjC,kBAAkB,QAClB;AACF,KAAI,CAAC,gBAAgB,aAAa,4BAAY,IAAI,MAAM,CACvD,OAAM,IAAI,SACT,cAAc,IAAI,SAAS,aAAa,EAAE,OAAO,iBAAiB,CAAC,CACnE;AAGF,OAAM,IAAI,SAAS,iBAAiB,IAAI,SAAS,aAAa,EAAE,OAAO,CAAC,CAAC;EAE1E;AAED,MAAa,gBAAgB,mBAC5B,mBACA;CACC,QAAQ;CACR,aAAa;CACb,OAAO,EACL,OAAO,EACP,OAAO,EAAE,QAAQ,CAAC,UAAU,EAC5B,CAAC,CACD,UAAU;CACZ,MAAM,EAAE,OAAO;EACd,aAAa,EAAE,QAAQ,CAAC,KAAK,EAC5B,aAAa,2BACb,CAAC;EACF,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,mCACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,QAAQ,IAAI,KAAK,SAAS,IAAI,OAAO;AAC3C,KAAI,CAAC,MACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;CAGnE,MAAM,EAAE,gBAAgB,IAAI;CAE5B,MAAM,YAAY,IAAI,QAAQ,UAAU,OAAO;CAC/C,MAAM,YAAY,IAAI,QAAQ,UAAU,OAAO;AAC/C,KAAI,YAAY,SAAS,UACxB,OAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;AAExE,KAAI,YAAY,SAAS,UACxB,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAGvE,MAAM,KAAK,kBAAkB;CAE7B,MAAM,eACL,MAAM,IAAI,QAAQ,gBAAgB,sBAAsB,GAAG;AAC5D,KAAI,CAAC,gBAAgB,aAAa,4BAAY,IAAI,MAAM,CACvD,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;CAEnE,MAAM,SAAS,aAAa;CAC5B,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KAAK,YAAY;AAGnE,KAAI,EAFa,MAAM,IAAI,QAAQ,gBAAgB,aAAa,OAAO,EAC9C,MAAM,OAAO,GAAG,eAAe,aAAa,CAEpE,OAAM,IAAI,QAAQ,gBAAgB,cAAc;EAC/C;EACA,YAAY;EACZ,UAAU;EACV,WAAW;EACX,CAAC;KAEF,OAAM,IAAI,QAAQ,gBAAgB,eAAe,QAAQ,eAAe;AAEzE,OAAM,IAAI,QAAQ,gBAAgB,+BAA+B,GAAG;AAEpE,KAAI,IAAI,QAAQ,QAAQ,kBAAkB,iBAAiB;EAC1D,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAAa,OAAO;AACnE,MAAI,KACH,OAAM,IAAI,QAAQ,QAAQ,iBAAiB,gBAC1C,EACC,MACA,EACD,IAAI,QACJ;;AAGH,KAAI,IAAI,QAAQ,QAAQ,kBAAkB,8BACzC,OAAM,IAAI,QAAQ,gBAAgB,eAAe,OAAO;AAEzD,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAED,MAAa,iBAAiB,mBAC7B,oBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO,EAId,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,0BACb,CAAC,EACF,CAAC;CACF,UAAU;EACT,OAAO;EACP,SAAS;GACR,aAAa;GACb,aAAa;GACb,WAAW,EACV,OAAO;IACN,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD;CACD,KAAK,CAAC,2BAA2B;CACjC,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,aAAa,IAAI;CACzB,MAAM,UAAU,IAAI,QAAQ;AAO5B,KAAI,CALY,MAAM,iBAAiB,KAAK;EAC3C;EACA,QAAQ,QAAQ,KAAK;EACrB,CAAC,CAGD,OAAM,SAAS,KAAK,eAAe,iBAAiB,iBAAiB;AAGtE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH"}
1
+ {"version":3,"file":"password.mjs","names":[],"sources":["../../../src/api/routes/password.ts"],"sourcesContent":["import type { AuthContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { generateId } from \"@better-auth/core/utils/id\";\nimport * as z from \"zod\";\nimport { getDate } from \"../../utils/date\";\nimport { validatePassword } from \"../../utils/password\";\nimport { originCheck } from \"../middlewares\";\nimport { sensitiveSessionMiddleware } from \"./session\";\n\nfunction redirectError(\n\tctx: AuthContext,\n\tcallbackURL: string | undefined,\n\tquery?: Record<string, string> | undefined,\n): string {\n\tconst url = callbackURL\n\t\t? new URL(callbackURL, ctx.baseURL)\n\t\t: new URL(`${ctx.baseURL}/error`);\n\tif (query)\n\t\tObject.entries(query).forEach(([k, v]) => url.searchParams.set(k, v));\n\treturn url.href;\n}\n\nfunction redirectCallback(\n\tctx: AuthContext,\n\tcallbackURL: string,\n\tquery?: Record<string, string> | undefined,\n): string {\n\tconst url = new URL(callbackURL, ctx.baseURL);\n\tif (query)\n\t\tObject.entries(query).forEach(([k, v]) => url.searchParams.set(k, v));\n\treturn url.href;\n}\n\nexport const requestPasswordReset = createAuthEndpoint(\n\t\"/request-password-reset\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * The email address of the user to send a password reset email to.\n\t\t\t */\n\t\t\temail: z.email().meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"The email address of the user to send a password reset email to\",\n\t\t\t}),\n\t\t\t/**\n\t\t\t * The URL to redirect the user to reset their password.\n\t\t\t * If the token isn't valid or expired, it'll be redirected with a query parameter `?\n\t\t\t * error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?\n\t\t\t * token=VALID_TOKEN\n\t\t\t */\n\t\t\tredirectTo: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"requestPasswordReset\",\n\t\t\t\tdescription: \"Send a password reset email to the user\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tuse: [originCheck((ctx) => ctx.body.redirectTo)],\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailAndPassword?.sendResetPassword) {\n\t\t\tctx.context.logger.error(\n\t\t\t\t\"Reset password isn't enabled.Please pass an emailAndPassword.sendResetPassword function in your auth config!\",\n\t\t\t);\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Reset password isn't enabled\",\n\t\t\t\tcode: \"RESET_PASSWORD_DISABLED\",\n\t\t\t});\n\t\t}\n\t\tconst { email, redirectTo } = ctx.body;\n\n\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email, {\n\t\t\tincludeAccounts: true,\n\t\t});\n\t\tif (!user) {\n\t\t\t/**\n\t\t\t * We simulate the verification token generation and the database lookup\n\t\t\t * to mitigate timing attacks.\n\t\t\t */\n\t\t\tgenerateId(24);\n\t\t\tawait ctx.context.internalAdapter.findVerificationValue(\n\t\t\t\t\"dummy-verification-token\",\n\t\t\t);\n\t\t\tctx.context.logger.error(\"Reset Password: User not found\", { email });\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t\tmessage:\n\t\t\t\t\t\"If this email exists in our system, check your email for the reset link\",\n\t\t\t});\n\t\t}\n\t\tconst defaultExpiresIn = 60 * 60 * 1;\n\t\tconst expiresAt = getDate(\n\t\t\tctx.context.options.emailAndPassword.resetPasswordTokenExpiresIn ||\n\t\t\t\tdefaultExpiresIn,\n\t\t\t\"sec\",\n\t\t);\n\t\tconst verificationToken = generateId(24);\n\t\tawait ctx.context.internalAdapter.createVerificationValue({\n\t\t\tvalue: user.user.id,\n\t\t\tidentifier: `reset-password:${verificationToken}`,\n\t\t\texpiresAt,\n\t\t});\n\t\tconst callbackURL = redirectTo ? encodeURIComponent(redirectTo) : \"\";\n\t\tconst url = `${ctx.context.baseURL}/reset-password/${verificationToken}?callbackURL=${callbackURL}`;\n\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\tctx.context.options.emailAndPassword.sendResetPassword(\n\t\t\t\t{\n\t\t\t\t\tuser: user.user,\n\t\t\t\t\turl,\n\t\t\t\t\ttoken: verificationToken,\n\t\t\t\t},\n\t\t\t\tctx.request,\n\t\t\t),\n\t\t);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t\tmessage:\n\t\t\t\t\"If this email exists in our system, check your email for the reset link\",\n\t\t});\n\t},\n);\n\nexport const requestPasswordResetCallback = createAuthEndpoint(\n\t\"/reset-password/:token\",\n\t{\n\t\tmethod: \"GET\",\n\t\toperationId: \"forgetPasswordCallback\",\n\t\tquery: z.object({\n\t\t\tcallbackURL: z.string().meta({\n\t\t\t\tdescription: \"The URL to redirect the user to reset their password\",\n\t\t\t}),\n\t\t}),\n\t\tuse: [originCheck((ctx) => ctx.query.callbackURL)],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"resetPasswordCallback\",\n\t\t\t\tdescription: \"Redirects the user to the callback URL with the token\",\n\t\t\t\tparameters: [\n\t\t\t\t\t{\n\t\t\t\t\t\tname: \"token\",\n\t\t\t\t\t\tin: \"path\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tdescription: \"The token to reset the password\",\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tname: \"callbackURL\",\n\t\t\t\t\t\tin: \"query\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tdescription: \"The URL to redirect the user to reset their password\",\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { token } = ctx.params;\n\t\tconst { callbackURL } = ctx.query;\n\t\tif (!token || !callbackURL) {\n\t\t\tthrow ctx.redirect(\n\t\t\t\tredirectError(ctx.context, callbackURL, { error: \"INVALID_TOKEN\" }),\n\t\t\t);\n\t\t}\n\t\tconst verification =\n\t\t\tawait ctx.context.internalAdapter.findVerificationValue(\n\t\t\t\t`reset-password:${token}`,\n\t\t\t);\n\t\tif (!verification || verification.expiresAt < new Date()) {\n\t\t\tthrow ctx.redirect(\n\t\t\t\tredirectError(ctx.context, callbackURL, { error: \"INVALID_TOKEN\" }),\n\t\t\t);\n\t\t}\n\n\t\tthrow ctx.redirect(redirectCallback(ctx.context, callbackURL, { token }));\n\t},\n);\n\nexport const resetPassword = createAuthEndpoint(\n\t\"/reset-password\",\n\t{\n\t\tmethod: \"POST\",\n\t\toperationId: \"resetPassword\",\n\t\tquery: z\n\t\t\t.object({\n\t\t\t\ttoken: z.string().optional(),\n\t\t\t})\n\t\t\t.optional(),\n\t\tbody: z.object({\n\t\t\tnewPassword: z.string().meta({\n\t\t\t\tdescription: \"The new password to set\",\n\t\t\t}),\n\t\t\ttoken: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The token to reset the password\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"resetPassword\",\n\t\t\t\tdescription: \"Reset the password for a user\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst token = ctx.body.token || ctx.query?.token;\n\t\tif (!token) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t}\n\n\t\tconst { newPassword } = ctx.body;\n\n\t\tconst minLength = ctx.context.password?.config.minPasswordLength;\n\t\tconst maxLength = ctx.context.password?.config.maxPasswordLength;\n\t\tif (newPassword.length < minLength) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);\n\t\t}\n\t\tif (newPassword.length > maxLength) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_LONG);\n\t\t}\n\n\t\tconst id = `reset-password:${token}`;\n\n\t\tconst verification =\n\t\t\tawait ctx.context.internalAdapter.findVerificationValue(id);\n\t\tif (!verification || verification.expiresAt < new Date()) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t}\n\t\tconst userId = verification.value;\n\t\tconst hashedPassword = await ctx.context.password.hash(newPassword);\n\t\tconst accounts = await ctx.context.internalAdapter.findAccounts(userId);\n\t\tconst account = accounts.find((ac) => ac.providerId === \"credential\");\n\t\tif (!account) {\n\t\t\tawait ctx.context.internalAdapter.createAccount({\n\t\t\t\tuserId,\n\t\t\t\tproviderId: \"credential\",\n\t\t\t\tpassword: hashedPassword,\n\t\t\t\taccountId: userId,\n\t\t\t});\n\t\t} else {\n\t\t\tawait ctx.context.internalAdapter.updatePassword(userId, hashedPassword);\n\t\t}\n\t\tawait ctx.context.internalAdapter.deleteVerificationByIdentifier(id);\n\n\t\tif (ctx.context.options.emailAndPassword?.onPasswordReset) {\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(userId);\n\t\t\tif (user) {\n\t\t\t\tawait ctx.context.options.emailAndPassword.onPasswordReset(\n\t\t\t\t\t{\n\t\t\t\t\t\tuser,\n\t\t\t\t\t},\n\t\t\t\t\tctx.request,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\t\tif (ctx.context.options.emailAndPassword?.revokeSessionsOnPasswordReset) {\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(userId);\n\t\t}\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const verifyPassword = createAuthEndpoint(\n\t\"/verify-password\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * The password to verify\n\t\t\t */\n\t\t\tpassword: z.string().meta({\n\t\t\t\tdescription: \"The password to verify\",\n\t\t\t}),\n\t\t}),\n\t\tmetadata: {\n\t\t\tscope: \"server\",\n\t\t\topenapi: {\n\t\t\t\toperationId: \"verifyPassword\",\n\t\t\t\tdescription: \"Verify the current user's password\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tuse: [sensitiveSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst { password } = ctx.body;\n\t\tconst session = ctx.context.session;\n\n\t\tconst isValid = await validatePassword(ctx, {\n\t\t\tpassword,\n\t\t\tuserId: session.user.id,\n\t\t});\n\n\t\tif (!isValid) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_PASSWORD);\n\t\t}\n\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n"],"mappings":";;;;;;;;;;;AAUA,SAAS,cACR,KACA,aACA,OACS;CACT,MAAM,MAAM,cACT,IAAI,IAAI,aAAa,IAAI,QAAQ,GACjC,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ;AAClC,KAAI,MACH,QAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;AACtE,QAAO,IAAI;;AAGZ,SAAS,iBACR,KACA,aACA,OACS;CACT,MAAM,MAAM,IAAI,IAAI,aAAa,IAAI,QAAQ;AAC7C,KAAI,MACH,QAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;AACtE,QAAO,IAAI;;AAGZ,MAAa,uBAAuB,mBACnC,2BACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EAId,OAAO,EAAE,OAAO,CAAC,KAAK,EACrB,aACC,mEACD,CAAC;EAOF,YAAY,EACV,QAAQ,CACR,KAAK,EACL,aACC,uPACD,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,QAAQ,EACP,MAAM,WACN;KACD,SAAS,EACR,MAAM,UACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,KAAK,CAAC,aAAa,QAAQ,IAAI,KAAK,WAAW,CAAC;CAChD,EACD,OAAO,QAAQ;AACd,KAAI,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,mBAAmB;AAC7D,MAAI,QAAQ,OAAO,MAClB,+GACA;AACD,QAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;;CAEH,MAAM,EAAE,OAAO,eAAe,IAAI;CAElC,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,OAAO,EACrE,iBAAiB,MACjB,CAAC;AACF,KAAI,CAAC,MAAM;;;;;AAKV,aAAW,GAAG;AACd,QAAM,IAAI,QAAQ,gBAAgB,sBACjC,2BACA;AACD,MAAI,QAAQ,OAAO,MAAM,kCAAkC,EAAE,OAAO,CAAC;AACrE,SAAO,IAAI,KAAK;GACf,QAAQ;GACR,SACC;GACD,CAAC;;CAGH,MAAM,YAAY,QACjB,IAAI,QAAQ,QAAQ,iBAAiB,+BAFb,OAAU,GAIlC,MACA;CACD,MAAM,oBAAoB,WAAW,GAAG;AACxC,OAAM,IAAI,QAAQ,gBAAgB,wBAAwB;EACzD,OAAO,KAAK,KAAK;EACjB,YAAY,kBAAkB;EAC9B;EACA,CAAC;CACF,MAAM,cAAc,aAAa,mBAAmB,WAAW,GAAG;CAClE,MAAM,MAAM,GAAG,IAAI,QAAQ,QAAQ,kBAAkB,kBAAkB,eAAe;AACtF,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,iBAAiB,kBACpC;EACC,MAAM,KAAK;EACX;EACA,OAAO;EACP,EACD,IAAI,QACJ,CACD;AACD,QAAO,IAAI,KAAK;EACf,QAAQ;EACR,SACC;EACD,CAAC;EAEH;AAED,MAAa,+BAA+B,mBAC3C,0BACA;CACC,QAAQ;CACR,aAAa;CACb,OAAO,EAAE,OAAO,EACf,aAAa,EAAE,QAAQ,CAAC,KAAK,EAC5B,aAAa,wDACb,CAAC,EACF,CAAC;CACF,KAAK,CAAC,aAAa,QAAQ,IAAI,MAAM,YAAY,CAAC;CAClD,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,YAAY,CACX;GACC,MAAM;GACN,IAAI;GACJ,UAAU;GACV,aAAa;GACb,QAAQ,EACP,MAAM,UACN;GACD,EACD;GACC,MAAM;GACN,IAAI;GACJ,UAAU;GACV,aAAa;GACb,QAAQ,EACP,MAAM,UACN;GACD,CACD;EACD,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,OAAO,EACN,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,UAAU,IAAI;CACtB,MAAM,EAAE,gBAAgB,IAAI;AAC5B,KAAI,CAAC,SAAS,CAAC,YACd,OAAM,IAAI,SACT,cAAc,IAAI,SAAS,aAAa,EAAE,OAAO,iBAAiB,CAAC,CACnE;CAEF,MAAM,eACL,MAAM,IAAI,QAAQ,gBAAgB,sBACjC,kBAAkB,QAClB;AACF,KAAI,CAAC,gBAAgB,aAAa,4BAAY,IAAI,MAAM,CACvD,OAAM,IAAI,SACT,cAAc,IAAI,SAAS,aAAa,EAAE,OAAO,iBAAiB,CAAC,CACnE;AAGF,OAAM,IAAI,SAAS,iBAAiB,IAAI,SAAS,aAAa,EAAE,OAAO,CAAC,CAAC;EAE1E;AAED,MAAa,gBAAgB,mBAC5B,mBACA;CACC,QAAQ;CACR,aAAa;CACb,OAAO,EACL,OAAO,EACP,OAAO,EAAE,QAAQ,CAAC,UAAU,EAC5B,CAAC,CACD,UAAU;CACZ,MAAM,EAAE,OAAO;EACd,aAAa,EAAE,QAAQ,CAAC,KAAK,EAC5B,aAAa,2BACb,CAAC;EACF,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,mCACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,QAAQ,IAAI,KAAK,SAAS,IAAI,OAAO;AAC3C,KAAI,CAAC,MACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;CAGnE,MAAM,EAAE,gBAAgB,IAAI;CAE5B,MAAM,YAAY,IAAI,QAAQ,UAAU,OAAO;CAC/C,MAAM,YAAY,IAAI,QAAQ,UAAU,OAAO;AAC/C,KAAI,YAAY,SAAS,UACxB,OAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;AAExE,KAAI,YAAY,SAAS,UACxB,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAGvE,MAAM,KAAK,kBAAkB;CAE7B,MAAM,eACL,MAAM,IAAI,QAAQ,gBAAgB,sBAAsB,GAAG;AAC5D,KAAI,CAAC,gBAAgB,aAAa,4BAAY,IAAI,MAAM,CACvD,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;CAEnE,MAAM,SAAS,aAAa;CAC5B,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KAAK,YAAY;AAGnE,KAAI,EAFa,MAAM,IAAI,QAAQ,gBAAgB,aAAa,OAAO,EAC9C,MAAM,OAAO,GAAG,eAAe,aAAa,CAEpE,OAAM,IAAI,QAAQ,gBAAgB,cAAc;EAC/C;EACA,YAAY;EACZ,UAAU;EACV,WAAW;EACX,CAAC;KAEF,OAAM,IAAI,QAAQ,gBAAgB,eAAe,QAAQ,eAAe;AAEzE,OAAM,IAAI,QAAQ,gBAAgB,+BAA+B,GAAG;AAEpE,KAAI,IAAI,QAAQ,QAAQ,kBAAkB,iBAAiB;EAC1D,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAAa,OAAO;AACnE,MAAI,KACH,OAAM,IAAI,QAAQ,QAAQ,iBAAiB,gBAC1C,EACC,MACA,EACD,IAAI,QACJ;;AAGH,KAAI,IAAI,QAAQ,QAAQ,kBAAkB,8BACzC,OAAM,IAAI,QAAQ,gBAAgB,eAAe,OAAO;AAEzD,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAED,MAAa,iBAAiB,mBAC7B,oBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO,EAId,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,0BACb,CAAC,EACF,CAAC;CACF,UAAU;EACT,OAAO;EACP,SAAS;GACR,aAAa;GACb,aAAa;GACb,WAAW,EACV,OAAO;IACN,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD;CACD,KAAK,CAAC,2BAA2B;CACjC,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,aAAa,IAAI;CACzB,MAAM,UAAU,IAAI,QAAQ;AAO5B,KAAI,CALY,MAAM,iBAAiB,KAAK;EAC3C;EACA,QAAQ,QAAQ,KAAK;EACrB,CAAC,CAGD,OAAM,SAAS,KAAK,eAAe,iBAAiB,iBAAiB;AAGtE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH"}
package/dist/api/routes/session.d.mts CHANGED
@@ -1,6 +1,5 @@
1
1
  import { Prettify as Prettify$1 } from "../../types/helper.mjs";
2
2
  import { Session as Session$1, User as User$1 } from "../../types/models.mjs";
3
- import "../../types/index.mjs";
4
3
  import { BetterAuthOptions, GenericEndpointContext } from "@better-auth/core";
5
4
  import * as _better_auth_core_db0 from "@better-auth/core/db";
6
5
  import * as better_call0 from "better-call";
package/dist/api/routes/sign-in.d.mts CHANGED
@@ -8,7 +8,7 @@ declare const socialSignInBodySchema: z.ZodObject<{
8
8
  callbackURL: z.ZodOptional<z.ZodString>;
9
9
  newUserCallbackURL: z.ZodOptional<z.ZodString>;
10
10
  errorCallbackURL: z.ZodOptional<z.ZodString>;
11
- provider: z.ZodType<(string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel", unknown, z.core.$ZodTypeInternals<(string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel", unknown>>;
11
+ provider: z.ZodType<(string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat", unknown, z.core.$ZodTypeInternals<(string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat", unknown>>;
12
12
  disableRedirect: z.ZodOptional<z.ZodBoolean>;
13
13
  idToken: z.ZodOptional<z.ZodObject<{
14
14
  token: z.ZodString;
@@ -16,6 +16,13 @@ declare const socialSignInBodySchema: z.ZodObject<{
16
16
  accessToken: z.ZodOptional<z.ZodString>;
17
17
  refreshToken: z.ZodOptional<z.ZodString>;
18
18
  expiresAt: z.ZodOptional<z.ZodNumber>;
19
+ user: z.ZodOptional<z.ZodObject<{
20
+ name: z.ZodOptional<z.ZodObject<{
21
+ firstName: z.ZodOptional<z.ZodString>;
22
+ lastName: z.ZodOptional<z.ZodString>;
23
+ }, z.core.$strip>>;
24
+ email: z.ZodOptional<z.ZodString>;
25
+ }, z.core.$strip>>;
19
26
  }, z.core.$strip>>;
20
27
  scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
21
28
  requestSignUp: z.ZodOptional<z.ZodBoolean>;
@@ -29,7 +36,7 @@ declare const signInSocial: <O extends BetterAuthOptions>() => better_call0.Stri
29
36
  callbackURL: z.ZodOptional<z.ZodString>;
30
37
  newUserCallbackURL: z.ZodOptional<z.ZodString>;
31
38
  errorCallbackURL: z.ZodOptional<z.ZodString>;
32
- provider: z.ZodType<(string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel", unknown, z.core.$ZodTypeInternals<(string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel", unknown>>;
39
+ provider: z.ZodType<(string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat", unknown, z.core.$ZodTypeInternals<(string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat", unknown>>;
33
40
  disableRedirect: z.ZodOptional<z.ZodBoolean>;
34
41
  idToken: z.ZodOptional<z.ZodObject<{
35
42
  token: z.ZodString;
@@ -37,6 +44,13 @@ declare const signInSocial: <O extends BetterAuthOptions>() => better_call0.Stri
37
44
  accessToken: z.ZodOptional<z.ZodString>;
38
45
  refreshToken: z.ZodOptional<z.ZodString>;
39
46
  expiresAt: z.ZodOptional<z.ZodNumber>;
47
+ user: z.ZodOptional<z.ZodObject<{
48
+ name: z.ZodOptional<z.ZodObject<{
49
+ firstName: z.ZodOptional<z.ZodString>;
50
+ lastName: z.ZodOptional<z.ZodString>;
51
+ }, z.core.$strip>>;
52
+ email: z.ZodOptional<z.ZodString>;
53
+ }, z.core.$strip>>;
40
54
  }, z.core.$strip>>;
41
55
  scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
42
56
  requestSignUp: z.ZodOptional<z.ZodBoolean>;
package/dist/api/routes/sign-in.mjs CHANGED
@@ -23,7 +23,14 @@ const socialSignInBodySchema = z.object({
23
23
  nonce: z.string().meta({ description: "Nonce used to generate the token" }).optional(),
24
24
  accessToken: z.string().meta({ description: "Access token from the provider" }).optional(),
25
25
  refreshToken: z.string().meta({ description: "Refresh token from the provider" }).optional(),
26
- expiresAt: z.number().meta({ description: "Expiry date of the token" }).optional()
26
+ expiresAt: z.number().meta({ description: "Expiry date of the token" }).optional(),
27
+ user: z.object({
28
+ name: z.object({
29
+ firstName: z.string().optional(),
30
+ lastName: z.string().optional()
31
+ }).optional(),
32
+ email: z.string().optional()
33
+ }).meta({ description: "The user object from the provider. Only available for some providers like Apple." }).optional()
27
34
  })),
28
35
  scopes: z.array(z.string()).meta({ description: "Array of scopes to request from the provider. This will override the default scopes passed." }).optional(),
29
36
  requestSignUp: z.boolean().meta({ description: "Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider" }).optional(),
@@ -87,7 +94,8 @@ const signInSocial = () => createAuthEndpoint("/sign-in/social", {
87
94
  const userInfo = await provider.getUserInfo({
88
95
  idToken: token,
89
96
  accessToken: c.body.idToken.accessToken,
90
- refreshToken: c.body.idToken.refreshToken
97
+ refreshToken: c.body.idToken.refreshToken,
98
+ user: c.body.idToken.user
91
99
  });
92
100
  if (!userInfo || !userInfo?.user) {
93
101
  c.context.logger.error("Failed to get user info", { provider: c.body.provider });
package/dist/api/routes/sign-in.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sign-in.mjs","names":[],"sources":["../../../src/api/routes/sign-in.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { User } from \"@better-auth/core/db\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { SocialProviderListEnum } from \"@better-auth/core/social-providers\";\nimport * as z from \"zod\";\nimport { getAwaitableValue } from \"../../context/helpers\";\nimport { setSessionCookie } from \"../../cookies\";\nimport { parseUserOutput } from \"../../db/schema\";\nimport { handleOAuthUserInfo } from \"../../oauth2/link-account\";\nimport { generateState } from \"../../utils\";\nimport { formCsrfMiddleware } from \"../middlewares/origin-check\";\nimport { createEmailVerificationToken } from \"./email-verification\";\n\nconst socialSignInBodySchema = z.object({\n\t/**\n\t * Callback URL to redirect to after the user\n\t * has signed in.\n\t */\n\tcallbackURL: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"Callback URL to redirect to after the user has signed in\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * callback url to redirect if the user is newly registered.\n\t *\n\t * useful if you have different routes for existing users and new users\n\t */\n\tnewUserCallbackURL: z.string().optional(),\n\t/**\n\t * Callback url to redirect to if an error happens\n\t *\n\t * If it's initiated from the client sdk this defaults to\n\t * the current url.\n\t */\n\terrorCallbackURL: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"Callback URL to redirect to if an error happens\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * OAuth2 provider to use`\n\t */\n\tprovider: SocialProviderListEnum,\n\t/**\n\t * Disable automatic redirection to the provider\n\t *\n\t * This is useful if you want to handle the redirection\n\t * yourself like in a popup or a different tab.\n\t */\n\tdisableRedirect: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"Disable automatic redirection to the provider. Useful for handling the redirection yourself\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * ID token from the provider\n\t *\n\t * This is used to sign in the user\n\t * if the user is already signed in with the\n\t * provider in the frontend.\n\t *\n\t * Only applicable if the provider supports\n\t * it. Currently only `apple` and `google` is\n\t * supported out of the box.\n\t */\n\tidToken: z.optional(\n\t\tz.object({\n\t\t\t/**\n\t\t\t * ID token from the provider\n\t\t\t */\n\t\t\ttoken: z.string().meta({\n\t\t\t\tdescription: \"ID token from the provider\",\n\t\t\t}),\n\t\t\t/**\n\t\t\t * The nonce used to generate the token\n\t\t\t */\n\t\t\tnonce: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Nonce used to generate the token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Access token from the provider\n\t\t\t */\n\t\t\taccessToken: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Access token from the provider\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Refresh token from the provider\n\t\t\t */\n\t\t\trefreshToken: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Refresh token from the provider\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Expiry date of the token\n\t\t\t */\n\t\t\texpiresAt: z\n\t\t\t\t.number()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Expiry date of the token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t),\n\tscopes: z\n\t\t.array(z.string())\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"Array of scopes to request from the provider. This will override the default scopes passed.\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Explicitly request sign-up\n\t *\n\t * Should be used to allow sign up when\n\t * disableImplicitSignUp for this provider is\n\t * true\n\t */\n\trequestSignUp: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * The login hint to use for the authorization code request\n\t */\n\tloginHint: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The login hint to use for the authorization code request\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Additional data to be passed through the OAuth flow\n\t */\n\tadditionalData: z.record(z.string(), z.any()).optional().meta({\n\t\tdescription: \"Additional data to be passed through the OAuth flow\",\n\t}),\n});\n\nexport const signInSocial = <O extends BetterAuthOptions>() =>\n\tcreateAuthEndpoint(\n\t\t\"/sign-in/social\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\toperationId: \"socialSignIn\",\n\t\t\tbody: socialSignInBodySchema,\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as z.infer<typeof socialSignInBodySchema>,\n\t\t\t\t\treturned: {} as {\n\t\t\t\t\t\tredirect: boolean;\n\t\t\t\t\t\ttoken?: string | undefined;\n\t\t\t\t\t\turl?: string | undefined;\n\t\t\t\t\t\tuser?: User<O[\"user\"], O[\"plugins\"]> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Sign in with a social provider\",\n\t\t\t\t\toperationId: \"socialSignIn\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Success - Returns either session details or redirect URL\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t// todo: we need support for multiple schema\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tdescription: \"Session response when idToken is provided\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\tenum: [false],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"redirect\", \"token\", \"user\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (\n\t\t\tc,\n\t\t): Promise<\n\t\t\t| { redirect: boolean; url: string }\n\t\t\t| {\n\t\t\t\t\tredirect: boolean;\n\t\t\t\t\ttoken: string;\n\t\t\t\t\turl: undefined;\n\t\t\t\t\tuser: User<O[\"user\"], O[\"plugins\"]>;\n\t\t\t }\n\t\t> => {\n\t\t\tconst provider = await getAwaitableValue(c.context.socialProviders, {\n\t\t\t\tvalue: c.body.provider,\n\t\t\t});\n\t\t\tif (!provider) {\n\t\t\t\tc.context.logger.error(\n\t\t\t\t\t\"Provider not found. Make sure to add the provider in your auth config\",\n\t\t\t\t\t{\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tif (c.body.idToken) {\n\t\t\t\tif (!provider.verifyIdToken) {\n\t\t\t\t\tc.context.logger.error(\n\t\t\t\t\t\t\"Provider does not support id token verification\",\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"NOT_FOUND\",\n\t\t\t\t\t\tBASE_ERROR_CODES.ID_TOKEN_NOT_SUPPORTED,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst { token, nonce } = c.body.idToken;\n\t\t\t\tconst valid = await provider.verifyIdToken(token, nonce);\n\t\t\t\tif (!valid) {\n\t\t\t\t\tc.context.logger.error(\"Invalid id token\", {\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t});\n\t\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t\t\t}\n\t\t\t\tconst userInfo = await provider.getUserInfo({\n\t\t\t\t\tidToken: token,\n\t\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\t\trefreshToken: c.body.idToken.refreshToken,\n\t\t\t\t});\n\t\t\t\tif (!userInfo || !userInfo?.user) {\n\t\t\t\t\tc.context.logger.error(\"Failed to get user info\", {\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t});\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_GET_USER_INFO,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (!userInfo.user.email) {\n\t\t\t\t\tc.context.logger.error(\"User email not found\", {\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t});\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\t\tBASE_ERROR_CODES.USER_EMAIL_NOT_FOUND,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst data = await handleOAuthUserInfo(c, {\n\t\t\t\t\tuserInfo: {\n\t\t\t\t\t\t...userInfo.user,\n\t\t\t\t\t\temail: userInfo.user.email,\n\t\t\t\t\t\tid: String(userInfo.user.id),\n\t\t\t\t\t\tname: userInfo.user.name || \"\",\n\t\t\t\t\t\timage: userInfo.user.image,\n\t\t\t\t\t\temailVerified: userInfo.user.emailVerified || false,\n\t\t\t\t\t},\n\t\t\t\t\taccount: {\n\t\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\t\taccountId: String(userInfo.user.id),\n\t\t\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\t\t},\n\t\t\t\t\tcallbackURL: c.body.callbackURL,\n\t\t\t\t\tdisableSignUp:\n\t\t\t\t\t\t(provider.disableImplicitSignUp && !c.body.requestSignUp) ||\n\t\t\t\t\t\tprovider.disableSignUp,\n\t\t\t\t});\n\t\t\t\tif (data.error) {\n\t\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", {\n\t\t\t\t\t\tmessage: data.error,\n\t\t\t\t\t\tcode: \"OAUTH_LINK_ERROR\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tawait setSessionCookie(c, data.data!);\n\t\t\t\treturn c.json({\n\t\t\t\t\tredirect: false,\n\t\t\t\t\ttoken: data.data!.session.token,\n\t\t\t\t\turl: undefined,\n\t\t\t\t\tuser: parseUserOutput(c.context.options, data.data!.user) as User<\n\t\t\t\t\t\tO[\"user\"],\n\t\t\t\t\t\tO[\"plugins\"]\n\t\t\t\t\t>,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst { codeVerifier, state } = await generateState(\n\t\t\t\tc,\n\t\t\t\tundefined,\n\t\t\t\tc.body.additionalData,\n\t\t\t);\n\t\t\tconst url = await provider.createAuthorizationURL({\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI: `${c.context.baseURL}/callback/${provider.id}`,\n\t\t\t\tscopes: c.body.scopes,\n\t\t\t\tloginHint: c.body.loginHint,\n\t\t\t});\n\n\t\t\tif (!c.body.disableRedirect) {\n\t\t\t\tc.setHeader(\"Location\", url.toString());\n\t\t\t}\n\n\t\t\treturn c.json({\n\t\t\t\turl: url.toString(),\n\t\t\t\tredirect: !c.body.disableRedirect,\n\t\t\t});\n\t\t},\n\t);\n\nexport const signInEmail = <O extends BetterAuthOptions>() =>\n\tcreateAuthEndpoint(\n\t\t\"/sign-in/email\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\toperationId: \"signInEmail\",\n\t\t\tuse: [formCsrfMiddleware],\n\t\t\tbody: z.object({\n\t\t\t\t/**\n\t\t\t\t * Email of the user\n\t\t\t\t */\n\t\t\t\temail: z.string().meta({\n\t\t\t\t\tdescription: \"Email of the user\",\n\t\t\t\t}),\n\t\t\t\t/**\n\t\t\t\t * Password of the user\n\t\t\t\t */\n\t\t\t\tpassword: z.string().meta({\n\t\t\t\t\tdescription: \"Password of the user\",\n\t\t\t\t}),\n\t\t\t\t/**\n\t\t\t\t * Callback URL to use as a redirect for email\n\t\t\t\t * verification and for possible redirects\n\t\t\t\t */\n\t\t\t\tcallbackURL: z\n\t\t\t\t\t.string()\n\t\t\t\t\t.meta({\n\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\"Callback URL to use as a redirect for email verification\",\n\t\t\t\t\t})\n\t\t\t\t\t.optional(),\n\t\t\t\t/**\n\t\t\t\t * If this is false, the session will not be remembered\n\t\t\t\t * @default true\n\t\t\t\t */\n\t\t\t\trememberMe: z\n\t\t\t\t\t.boolean()\n\t\t\t\t\t.meta({\n\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\"If this is false, the session will not be remembered. Default is `true`.\",\n\t\t\t\t\t})\n\t\t\t\t\t.default(true)\n\t\t\t\t\t.optional(),\n\t\t\t}),\n\t\t\tmetadata: {\n\t\t\t\tallowedMediaTypes: [\n\t\t\t\t\t\"application/x-www-form-urlencoded\",\n\t\t\t\t\t\"application/json\",\n\t\t\t\t],\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword: string;\n\t\t\t\t\t\tcallbackURL?: string | undefined;\n\t\t\t\t\t\trememberMe?: boolean | undefined;\n\t\t\t\t\t},\n\t\t\t\t\treturned: {} as {\n\t\t\t\t\t\tredirect: boolean;\n\t\t\t\t\t\ttoken: string;\n\t\t\t\t\t\turl?: string | undefined;\n\t\t\t\t\t\tuser: User<O[\"user\"], O[\"plugins\"]>;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"signInEmail\",\n\t\t\t\t\tdescription: \"Sign in with email and password\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Success - Returns either session details or redirect URL\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t// todo: we need support for multiple schema\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tdescription: \"Session response when idToken is provided\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\tenum: [false],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Session token\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"redirect\", \"token\", \"user\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (\n\t\t\tctx,\n\t\t): Promise<{\n\t\t\tredirect: boolean;\n\t\t\ttoken: string;\n\t\t\turl?: string | undefined;\n\t\t\tuser: User<O[\"user\"], O[\"plugins\"]>;\n\t\t}> => {\n\t\t\tif (!ctx.context.options?.emailAndPassword?.enabled) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!\",\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\t\tcode: \"EMAIL_PASSWORD_DISABLED\",\n\t\t\t\t\tmessage: \"Email and password is not enabled\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst { email, password } = ctx.body;\n\t\t\tconst isValidEmail = z.email().safeParse(email);\n\t\t\tif (!isValidEmail.success) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email, {\n\t\t\t\tincludeAccounts: true,\n\t\t\t});\n\n\t\t\tif (!user) {\n\t\t\t\t// Hash password to prevent timing attacks from revealing valid email addresses\n\t\t\t\t// By hashing passwords for invalid emails, we ensure consistent response times\n\t\t\t\tawait ctx.context.password.hash(password);\n\t\t\t\tctx.context.logger.error(\"User not found\", { email });\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst credentialAccount = user.accounts.find(\n\t\t\t\t(a) => a.providerId === \"credential\",\n\t\t\t);\n\t\t\tif (!credentialAccount) {\n\t\t\t\tawait ctx.context.password.hash(password);\n\t\t\t\tctx.context.logger.error(\"Credential account not found\", { email });\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst currentPassword = credentialAccount?.password;\n\t\t\tif (!currentPassword) {\n\t\t\t\tawait ctx.context.password.hash(password);\n\t\t\t\tctx.context.logger.error(\"Password not found\", { email });\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst validPassword = await ctx.context.password.verify({\n\t\t\t\thash: currentPassword,\n\t\t\t\tpassword,\n\t\t\t});\n\t\t\tif (!validPassword) {\n\t\t\t\tctx.context.logger.error(\"Invalid password\");\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tctx.context.options?.emailAndPassword?.requireEmailVerification &&\n\t\t\t\t!user.user.emailVerified\n\t\t\t) {\n\t\t\t\tif (!ctx.context.options?.emailVerification?.sendVerificationEmail) {\n\t\t\t\t\tthrow APIError.from(\"FORBIDDEN\", BASE_ERROR_CODES.EMAIL_NOT_VERIFIED);\n\t\t\t\t}\n\n\t\t\t\tif (ctx.context.options?.emailVerification?.sendOnSignIn) {\n\t\t\t\t\tconst token = await createEmailVerificationToken(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tuser.user.email,\n\t\t\t\t\t\tundefined,\n\t\t\t\t\t\tctx.context.options.emailVerification?.expiresIn,\n\t\t\t\t\t);\n\t\t\t\t\tconst callbackURL = ctx.body.callbackURL\n\t\t\t\t\t\t? encodeURIComponent(ctx.body.callbackURL)\n\t\t\t\t\t\t: encodeURIComponent(\"/\");\n\t\t\t\t\tconst url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${callbackURL}`;\n\t\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\t\tctx.context.options.emailVerification.sendVerificationEmail(\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tuser: user.user,\n\t\t\t\t\t\t\t\turl,\n\t\t\t\t\t\t\t\ttoken,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t),\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tthrow APIError.from(\"FORBIDDEN\", BASE_ERROR_CODES.EMAIL_NOT_VERIFIED);\n\t\t\t}\n\n\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\tuser.user.id,\n\t\t\t\tctx.body.rememberMe === false,\n\t\t\t);\n\n\t\t\tif (!session) {\n\t\t\t\tctx.context.logger.error(\"Failed to create session\");\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_SESSION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait setSessionCookie(\n\t\t\t\tctx,\n\t\t\t\t{\n\t\t\t\t\tsession,\n\t\t\t\t\tuser: user.user,\n\t\t\t\t},\n\t\t\t\tctx.body.rememberMe === false,\n\t\t\t);\n\n\t\t\tif (ctx.body.callbackURL) {\n\t\t\t\tctx.setHeader(\"Location\", ctx.body.callbackURL);\n\t\t\t}\n\n\t\t\treturn ctx.json({\n\t\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\t\ttoken: session.token,\n\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user.user) as User<\n\t\t\t\t\tO[\"user\"],\n\t\t\t\t\tO[\"plugins\"]\n\t\t\t\t>,\n\t\t\t});\n\t\t},\n\t);\n"],"mappings":";;;;;;;;;;;;;;AAcA,MAAM,yBAAyB,EAAE,OAAO;CAKvC,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,4DACb,CAAC,CACD,UAAU;CAMZ,oBAAoB,EAAE,QAAQ,CAAC,UAAU;CAOzC,kBAAkB,EAChB,QAAQ,CACR,KAAK,EACL,aAAa,mDACb,CAAC,CACD,UAAU;CAIZ,UAAU;CAOV,iBAAiB,EACf,SAAS,CACT,KAAK,EACL,aACC,+FACD,CAAC,CACD,UAAU;CAYZ,SAAS,EAAE,SACV,EAAE,OAAO;EAIR,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,8BACb,CAAC;EAIF,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,oCACb,CAAC,CACD,UAAU;EAIZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,kCACb,CAAC,CACD,UAAU;EAIZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,mCACb,CAAC,CACD,UAAU;EAIZ,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,4BACb,CAAC,CACD,UAAU;EACZ,CAAC,CACF;CACD,QAAQ,EACN,MAAM,EAAE,QAAQ,CAAC,CACjB,KAAK,EACL,aACC,+FACD,CAAC,CACD,UAAU;CAQZ,eAAe,EACb,SAAS,CACT,KAAK,EACL,aACC,2FACD,CAAC,CACD,UAAU;CAIZ,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,4DACb,CAAC,CACD,UAAU;CAIZ,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU,CAAC,KAAK,EAC7D,aAAa,uDACb,CAAC;CACF,CAAC;AAEF,MAAa,qBACZ,mBACC,mBACA;CACC,QAAQ;CACR,aAAa;CACb,MAAM;CACN,UAAU;EACT,QAAQ;GACP,MAAM,EAAE;GACR,UAAU,EAAE;GAMZ;EACD,SAAS;GACR,aAAa;GACb,aAAa;GACb,WAAW,EACV,OAAO;IACN,aACC;IACD,SAAS,EACR,oBAAoB,EACnB,QAAQ;KAEP,MAAM;KACN,aAAa;KACb,YAAY;MACX,OAAO,EACN,MAAM,UACN;MACD,MAAM;OACL,MAAM;OACN,MAAM;OACN;MACD,KAAK,EACJ,MAAM,UACN;MACD,UAAU;OACT,MAAM;OACN,MAAM,CAAC,MAAM;OACb;MACD;KACD,UAAU;MAAC;MAAY;MAAS;MAAO;KACvC,EACD,EACD;IACD,EACD;GACD;EACD;CACD,EACD,OACC,MASI;CACJ,MAAM,WAAW,MAAM,kBAAkB,EAAE,QAAQ,iBAAiB,EACnE,OAAO,EAAE,KAAK,UACd,CAAC;AACF,KAAI,CAAC,UAAU;AACd,IAAE,QAAQ,OAAO,MAChB,yEACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,QAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;;AAGtE,KAAI,EAAE,KAAK,SAAS;AACnB,MAAI,CAAC,SAAS,eAAe;AAC5B,KAAE,QAAQ,OAAO,MAChB,mDACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,SAAM,SAAS,KACd,aACA,iBAAiB,uBACjB;;EAEF,MAAM,EAAE,OAAO,UAAU,EAAE,KAAK;AAEhC,MAAI,CADU,MAAM,SAAS,cAAc,OAAO,MAAM,EAC5C;AACX,KAAE,QAAQ,OAAO,MAAM,oBAAoB,EAC1C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KAAK,gBAAgB,iBAAiB,cAAc;;EAEpE,MAAM,WAAW,MAAM,SAAS,YAAY;GAC3C,SAAS;GACT,aAAa,EAAE,KAAK,QAAQ;GAC5B,cAAc,EAAE,KAAK,QAAQ;GAC7B,CAAC;AACF,MAAI,CAAC,YAAY,CAAC,UAAU,MAAM;AACjC,KAAE,QAAQ,OAAO,MAAM,2BAA2B,EACjD,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,wBACjB;;AAEF,MAAI,CAAC,SAAS,KAAK,OAAO;AACzB,KAAE,QAAQ,OAAO,MAAM,wBAAwB,EAC9C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,qBACjB;;EAEF,MAAM,OAAO,MAAM,oBAAoB,GAAG;GACzC,UAAU;IACT,GAAG,SAAS;IACZ,OAAO,SAAS,KAAK;IACrB,IAAI,OAAO,SAAS,KAAK,GAAG;IAC5B,MAAM,SAAS,KAAK,QAAQ;IAC5B,OAAO,SAAS,KAAK;IACrB,eAAe,SAAS,KAAK,iBAAiB;IAC9C;GACD,SAAS;IACR,YAAY,SAAS;IACrB,WAAW,OAAO,SAAS,KAAK,GAAG;IACnC,aAAa,EAAE,KAAK,QAAQ;IAC5B;GACD,aAAa,EAAE,KAAK;GACpB,eACE,SAAS,yBAAyB,CAAC,EAAE,KAAK,iBAC3C,SAAS;GACV,CAAC;AACF,MAAI,KAAK,MACR,OAAM,SAAS,KAAK,gBAAgB;GACnC,SAAS,KAAK;GACd,MAAM;GACN,CAAC;AAEH,QAAM,iBAAiB,GAAG,KAAK,KAAM;AACrC,SAAO,EAAE,KAAK;GACb,UAAU;GACV,OAAO,KAAK,KAAM,QAAQ;GAC1B,KAAK;GACL,MAAM,gBAAgB,EAAE,QAAQ,SAAS,KAAK,KAAM,KAAK;GAIzD,CAAC;;CAGH,MAAM,EAAE,cAAc,UAAU,MAAM,cACrC,GACA,QACA,EAAE,KAAK,eACP;CACD,MAAM,MAAM,MAAM,SAAS,uBAAuB;EACjD;EACA;EACA,aAAa,GAAG,EAAE,QAAQ,QAAQ,YAAY,SAAS;EACvD,QAAQ,EAAE,KAAK;EACf,WAAW,EAAE,KAAK;EAClB,CAAC;AAEF,KAAI,CAAC,EAAE,KAAK,gBACX,GAAE,UAAU,YAAY,IAAI,UAAU,CAAC;AAGxC,QAAO,EAAE,KAAK;EACb,KAAK,IAAI,UAAU;EACnB,UAAU,CAAC,EAAE,KAAK;EAClB,CAAC;EAEH;AAEF,MAAa,oBACZ,mBACC,kBACA;CACC,QAAQ;CACR,aAAa;CACb,KAAK,CAAC,mBAAmB;CACzB,MAAM,EAAE,OAAO;EAId,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,qBACb,CAAC;EAIF,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,wBACb,CAAC;EAKF,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aACC,4DACD,CAAC,CACD,UAAU;EAKZ,YAAY,EACV,SAAS,CACT,KAAK,EACL,aACC,4EACD,CAAC,CACD,QAAQ,KAAK,CACb,UAAU;EACZ,CAAC;CACF,UAAU;EACT,mBAAmB,CAClB,qCACA,mBACA;EACD,QAAQ;GACP,MAAM,EAAE;GAMR,UAAU,EAAE;GAMZ;EACD,SAAS;GACR,aAAa;GACb,aAAa;GACb,WAAW,EACV,OAAO;IACN,aACC;IACD,SAAS,EACR,oBAAoB,EACnB,QAAQ;KAEP,MAAM;KACN,aAAa;KACb,YAAY;MACX,UAAU;OACT,MAAM;OACN,MAAM,CAAC,MAAM;OACb;MACD,OAAO;OACN,MAAM;OACN,aAAa;OACb;MACD,KAAK;OACJ,MAAM;OACN,UAAU;OACV;MACD,MAAM;OACL,MAAM;OACN,MAAM;OACN;MACD;KACD,UAAU;MAAC;MAAY;MAAS;MAAO;KACvC,EACD,EACD;IACD,EACD;GACD;EACD;CACD,EACD,OACC,QAMK;AACL,KAAI,CAAC,IAAI,QAAQ,SAAS,kBAAkB,SAAS;AACpD,MAAI,QAAQ,OAAO,MAClB,+KACA;AACD,QAAM,SAAS,KAAK,eAAe;GAClC,MAAM;GACN,SAAS;GACT,CAAC;;CAEH,MAAM,EAAE,OAAO,aAAa,IAAI;AAEhC,KAAI,CADiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAC7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;CAEnE,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,OAAO,EACrE,iBAAiB,MACjB,CAAC;AAEF,KAAI,CAAC,MAAM;AAGV,QAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;AACzC,MAAI,QAAQ,OAAO,MAAM,kBAAkB,EAAE,OAAO,CAAC;AACrD,QAAM,SAAS,KACd,gBACA,iBAAiB,0BACjB;;CAGF,MAAM,oBAAoB,KAAK,SAAS,MACtC,MAAM,EAAE,eAAe,aACxB;AACD,KAAI,CAAC,mBAAmB;AACvB,QAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;AACzC,MAAI,QAAQ,OAAO,MAAM,gCAAgC,EAAE,OAAO,CAAC;AACnE,QAAM,SAAS,KACd,gBACA,iBAAiB,0BACjB;;CAEF,MAAM,kBAAkB,mBAAmB;AAC3C,KAAI,CAAC,iBAAiB;AACrB,QAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;AACzC,MAAI,QAAQ,OAAO,MAAM,sBAAsB,EAAE,OAAO,CAAC;AACzD,QAAM,SAAS,KACd,gBACA,iBAAiB,0BACjB;;AAMF,KAAI,CAJkB,MAAM,IAAI,QAAQ,SAAS,OAAO;EACvD,MAAM;EACN;EACA,CAAC,EACkB;AACnB,MAAI,QAAQ,OAAO,MAAM,mBAAmB;AAC5C,QAAM,SAAS,KACd,gBACA,iBAAiB,0BACjB;;AAGF,KACC,IAAI,QAAQ,SAAS,kBAAkB,4BACvC,CAAC,KAAK,KAAK,eACV;AACD,MAAI,CAAC,IAAI,QAAQ,SAAS,mBAAmB,sBAC5C,OAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;AAGtE,MAAI,IAAI,QAAQ,SAAS,mBAAmB,cAAc;GACzD,MAAM,QAAQ,MAAM,6BACnB,IAAI,QAAQ,QACZ,KAAK,KAAK,OACV,QACA,IAAI,QAAQ,QAAQ,mBAAmB,UACvC;GACD,MAAM,cAAc,IAAI,KAAK,cAC1B,mBAAmB,IAAI,KAAK,YAAY,GACxC,mBAAmB,IAAI;GAC1B,MAAM,MAAM,GAAG,IAAI,QAAQ,QAAQ,sBAAsB,MAAM,eAAe;AAC9E,SAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,kBAAkB,sBACrC;IACC,MAAM,KAAK;IACX;IACA;IACA,EACD,IAAI,QACJ,CACD;;AAGF,QAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;;CAGtE,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,KAAK,KAAK,IACV,IAAI,KAAK,eAAe,MACxB;AAED,KAAI,CAAC,SAAS;AACb,MAAI,QAAQ,OAAO,MAAM,2BAA2B;AACpD,QAAM,SAAS,KACd,gBACA,iBAAiB,yBACjB;;AAGF,OAAM,iBACL,KACA;EACC;EACA,MAAM,KAAK;EACX,EACD,IAAI,KAAK,eAAe,MACxB;AAED,KAAI,IAAI,KAAK,YACZ,KAAI,UAAU,YAAY,IAAI,KAAK,YAAY;AAGhD,QAAO,IAAI,KAAK;EACf,UAAU,CAAC,CAAC,IAAI,KAAK;EACrB,OAAO,QAAQ;EACf,KAAK,IAAI,KAAK;EACd,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,KAAK;EAIrD,CAAC;EAEH"}
1
+ {"version":3,"file":"sign-in.mjs","names":[],"sources":["../../../src/api/routes/sign-in.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { User } from \"@better-auth/core/db\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { SocialProviderListEnum } from \"@better-auth/core/social-providers\";\nimport * as z from \"zod\";\nimport { getAwaitableValue } from \"../../context/helpers\";\nimport { setSessionCookie } from \"../../cookies\";\nimport { parseUserOutput } from \"../../db/schema\";\nimport { handleOAuthUserInfo } from \"../../oauth2/link-account\";\nimport { generateState } from \"../../utils\";\nimport { formCsrfMiddleware } from \"../middlewares/origin-check\";\nimport { createEmailVerificationToken } from \"./email-verification\";\n\nconst socialSignInBodySchema = z.object({\n\t/**\n\t * Callback URL to redirect to after the user\n\t * has signed in.\n\t */\n\tcallbackURL: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"Callback URL to redirect to after the user has signed in\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * callback url to redirect if the user is newly registered.\n\t *\n\t * useful if you have different routes for existing users and new users\n\t */\n\tnewUserCallbackURL: z.string().optional(),\n\t/**\n\t * Callback url to redirect to if an error happens\n\t *\n\t * If it's initiated from the client sdk this defaults to\n\t * the current url.\n\t */\n\terrorCallbackURL: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"Callback URL to redirect to if an error happens\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * OAuth2 provider to use`\n\t */\n\tprovider: SocialProviderListEnum,\n\t/**\n\t * Disable automatic redirection to the provider\n\t *\n\t * This is useful if you want to handle the redirection\n\t * yourself like in a popup or a different tab.\n\t */\n\tdisableRedirect: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"Disable automatic redirection to the provider. Useful for handling the redirection yourself\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * ID token from the provider\n\t *\n\t * This is used to sign in the user\n\t * if the user is already signed in with the\n\t * provider in the frontend.\n\t *\n\t * Only applicable if the provider supports\n\t * it. Currently only `apple` and `google` is\n\t * supported out of the box.\n\t */\n\tidToken: z.optional(\n\t\tz.object({\n\t\t\t/**\n\t\t\t * ID token from the provider\n\t\t\t */\n\t\t\ttoken: z.string().meta({\n\t\t\t\tdescription: \"ID token from the provider\",\n\t\t\t}),\n\t\t\t/**\n\t\t\t * The nonce used to generate the token\n\t\t\t */\n\t\t\tnonce: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Nonce used to generate the token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Access token from the provider\n\t\t\t */\n\t\t\taccessToken: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Access token from the provider\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Refresh token from the provider\n\t\t\t */\n\t\t\trefreshToken: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Refresh token from the provider\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Expiry date of the token\n\t\t\t */\n\t\t\texpiresAt: z\n\t\t\t\t.number()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Expiry date of the token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * The user object from the provider.\n\t\t\t * This is only available for some providers like Apple.\n\t\t\t */\n\t\t\tuser: z\n\t\t\t\t.object({\n\t\t\t\t\tname: z\n\t\t\t\t\t\t.object({\n\t\t\t\t\t\t\tfirstName: z.string().optional(),\n\t\t\t\t\t\t\tlastName: z.string().optional(),\n\t\t\t\t\t\t})\n\t\t\t\t\t\t.optional(),\n\t\t\t\t\temail: z.string().optional(),\n\t\t\t\t})\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"The user object from the provider. Only available for some providers like Apple.\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t),\n\tscopes: z\n\t\t.array(z.string())\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"Array of scopes to request from the provider. This will override the default scopes passed.\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Explicitly request sign-up\n\t *\n\t * Should be used to allow sign up when\n\t * disableImplicitSignUp for this provider is\n\t * true\n\t */\n\trequestSignUp: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * The login hint to use for the authorization code request\n\t */\n\tloginHint: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The login hint to use for the authorization code request\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Additional data to be passed through the OAuth flow\n\t */\n\tadditionalData: z.record(z.string(), z.any()).optional().meta({\n\t\tdescription: \"Additional data to be passed through the OAuth flow\",\n\t}),\n});\n\nexport const signInSocial = <O extends BetterAuthOptions>() =>\n\tcreateAuthEndpoint(\n\t\t\"/sign-in/social\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\toperationId: \"socialSignIn\",\n\t\t\tbody: socialSignInBodySchema,\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as z.infer<typeof socialSignInBodySchema>,\n\t\t\t\t\treturned: {} as {\n\t\t\t\t\t\tredirect: boolean;\n\t\t\t\t\t\ttoken?: string | undefined;\n\t\t\t\t\t\turl?: string | undefined;\n\t\t\t\t\t\tuser?: User<O[\"user\"], O[\"plugins\"]> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Sign in with a social provider\",\n\t\t\t\t\toperationId: \"socialSignIn\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Success - Returns either session details or redirect URL\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t// todo: we need support for multiple schema\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tdescription: \"Session response when idToken is provided\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\tenum: [false],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"redirect\", \"token\", \"user\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (\n\t\t\tc,\n\t\t): Promise<\n\t\t\t| { redirect: boolean; url: string }\n\t\t\t| {\n\t\t\t\t\tredirect: boolean;\n\t\t\t\t\ttoken: string;\n\t\t\t\t\turl: undefined;\n\t\t\t\t\tuser: User<O[\"user\"], O[\"plugins\"]>;\n\t\t\t }\n\t\t> => {\n\t\t\tconst provider = await getAwaitableValue(c.context.socialProviders, {\n\t\t\t\tvalue: c.body.provider,\n\t\t\t});\n\t\t\tif (!provider) {\n\t\t\t\tc.context.logger.error(\n\t\t\t\t\t\"Provider not found. Make sure to add the provider in your auth config\",\n\t\t\t\t\t{\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tif (c.body.idToken) {\n\t\t\t\tif (!provider.verifyIdToken) {\n\t\t\t\t\tc.context.logger.error(\n\t\t\t\t\t\t\"Provider does not support id token verification\",\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"NOT_FOUND\",\n\t\t\t\t\t\tBASE_ERROR_CODES.ID_TOKEN_NOT_SUPPORTED,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst { token, nonce } = c.body.idToken;\n\t\t\t\tconst valid = await provider.verifyIdToken(token, nonce);\n\t\t\t\tif (!valid) {\n\t\t\t\t\tc.context.logger.error(\"Invalid id token\", {\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t});\n\t\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t\t\t}\n\t\t\t\tconst userInfo = await provider.getUserInfo({\n\t\t\t\t\tidToken: token,\n\t\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\t\trefreshToken: c.body.idToken.refreshToken,\n\t\t\t\t\tuser: c.body.idToken.user,\n\t\t\t\t});\n\t\t\t\tif (!userInfo || !userInfo?.user) {\n\t\t\t\t\tc.context.logger.error(\"Failed to get user info\", {\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t});\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_GET_USER_INFO,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (!userInfo.user.email) {\n\t\t\t\t\tc.context.logger.error(\"User email not found\", {\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t});\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\t\tBASE_ERROR_CODES.USER_EMAIL_NOT_FOUND,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst data = await handleOAuthUserInfo(c, {\n\t\t\t\t\tuserInfo: {\n\t\t\t\t\t\t...userInfo.user,\n\t\t\t\t\t\temail: userInfo.user.email,\n\t\t\t\t\t\tid: String(userInfo.user.id),\n\t\t\t\t\t\tname: userInfo.user.name || \"\",\n\t\t\t\t\t\timage: userInfo.user.image,\n\t\t\t\t\t\temailVerified: userInfo.user.emailVerified || false,\n\t\t\t\t\t},\n\t\t\t\t\taccount: {\n\t\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\t\taccountId: String(userInfo.user.id),\n\t\t\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\t\t},\n\t\t\t\t\tcallbackURL: c.body.callbackURL,\n\t\t\t\t\tdisableSignUp:\n\t\t\t\t\t\t(provider.disableImplicitSignUp && !c.body.requestSignUp) ||\n\t\t\t\t\t\tprovider.disableSignUp,\n\t\t\t\t});\n\t\t\t\tif (data.error) {\n\t\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", {\n\t\t\t\t\t\tmessage: data.error,\n\t\t\t\t\t\tcode: \"OAUTH_LINK_ERROR\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tawait setSessionCookie(c, data.data!);\n\t\t\t\treturn c.json({\n\t\t\t\t\tredirect: false,\n\t\t\t\t\ttoken: data.data!.session.token,\n\t\t\t\t\turl: undefined,\n\t\t\t\t\tuser: parseUserOutput(c.context.options, data.data!.user) as User<\n\t\t\t\t\t\tO[\"user\"],\n\t\t\t\t\t\tO[\"plugins\"]\n\t\t\t\t\t>,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst { codeVerifier, state } = await generateState(\n\t\t\t\tc,\n\t\t\t\tundefined,\n\t\t\t\tc.body.additionalData,\n\t\t\t);\n\t\t\tconst url = await provider.createAuthorizationURL({\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI: `${c.context.baseURL}/callback/${provider.id}`,\n\t\t\t\tscopes: c.body.scopes,\n\t\t\t\tloginHint: c.body.loginHint,\n\t\t\t});\n\n\t\t\tif (!c.body.disableRedirect) {\n\t\t\t\tc.setHeader(\"Location\", url.toString());\n\t\t\t}\n\n\t\t\treturn c.json({\n\t\t\t\turl: url.toString(),\n\t\t\t\tredirect: !c.body.disableRedirect,\n\t\t\t});\n\t\t},\n\t);\n\nexport const signInEmail = <O extends BetterAuthOptions>() =>\n\tcreateAuthEndpoint(\n\t\t\"/sign-in/email\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\toperationId: \"signInEmail\",\n\t\t\tuse: [formCsrfMiddleware],\n\t\t\tbody: z.object({\n\t\t\t\t/**\n\t\t\t\t * Email of the user\n\t\t\t\t */\n\t\t\t\temail: z.string().meta({\n\t\t\t\t\tdescription: \"Email of the user\",\n\t\t\t\t}),\n\t\t\t\t/**\n\t\t\t\t * Password of the user\n\t\t\t\t */\n\t\t\t\tpassword: z.string().meta({\n\t\t\t\t\tdescription: \"Password of the user\",\n\t\t\t\t}),\n\t\t\t\t/**\n\t\t\t\t * Callback URL to use as a redirect for email\n\t\t\t\t * verification and for possible redirects\n\t\t\t\t */\n\t\t\t\tcallbackURL: z\n\t\t\t\t\t.string()\n\t\t\t\t\t.meta({\n\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\"Callback URL to use as a redirect for email verification\",\n\t\t\t\t\t})\n\t\t\t\t\t.optional(),\n\t\t\t\t/**\n\t\t\t\t * If this is false, the session will not be remembered\n\t\t\t\t * @default true\n\t\t\t\t */\n\t\t\t\trememberMe: z\n\t\t\t\t\t.boolean()\n\t\t\t\t\t.meta({\n\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\"If this is false, the session will not be remembered. Default is `true`.\",\n\t\t\t\t\t})\n\t\t\t\t\t.default(true)\n\t\t\t\t\t.optional(),\n\t\t\t}),\n\t\t\tmetadata: {\n\t\t\t\tallowedMediaTypes: [\n\t\t\t\t\t\"application/x-www-form-urlencoded\",\n\t\t\t\t\t\"application/json\",\n\t\t\t\t],\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword: string;\n\t\t\t\t\t\tcallbackURL?: string | undefined;\n\t\t\t\t\t\trememberMe?: boolean | undefined;\n\t\t\t\t\t},\n\t\t\t\t\treturned: {} as {\n\t\t\t\t\t\tredirect: boolean;\n\t\t\t\t\t\ttoken: string;\n\t\t\t\t\t\turl?: string | undefined;\n\t\t\t\t\t\tuser: User<O[\"user\"], O[\"plugins\"]>;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"signInEmail\",\n\t\t\t\t\tdescription: \"Sign in with email and password\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Success - Returns either session details or redirect URL\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t// todo: we need support for multiple schema\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tdescription: \"Session response when idToken is provided\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\tenum: [false],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Session token\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"redirect\", \"token\", \"user\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (\n\t\t\tctx,\n\t\t): Promise<{\n\t\t\tredirect: boolean;\n\t\t\ttoken: string;\n\t\t\turl?: string | undefined;\n\t\t\tuser: User<O[\"user\"], O[\"plugins\"]>;\n\t\t}> => {\n\t\t\tif (!ctx.context.options?.emailAndPassword?.enabled) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!\",\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\t\tcode: \"EMAIL_PASSWORD_DISABLED\",\n\t\t\t\t\tmessage: \"Email and password is not enabled\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst { email, password } = ctx.body;\n\t\t\tconst isValidEmail = z.email().safeParse(email);\n\t\t\tif (!isValidEmail.success) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email, {\n\t\t\t\tincludeAccounts: true,\n\t\t\t});\n\n\t\t\tif (!user) {\n\t\t\t\t// Hash password to prevent timing attacks from revealing valid email addresses\n\t\t\t\t// By hashing passwords for invalid emails, we ensure consistent response times\n\t\t\t\tawait ctx.context.password.hash(password);\n\t\t\t\tctx.context.logger.error(\"User not found\", { email });\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst credentialAccount = user.accounts.find(\n\t\t\t\t(a) => a.providerId === \"credential\",\n\t\t\t);\n\t\t\tif (!credentialAccount) {\n\t\t\t\tawait ctx.context.password.hash(password);\n\t\t\t\tctx.context.logger.error(\"Credential account not found\", { email });\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst currentPassword = credentialAccount?.password;\n\t\t\tif (!currentPassword) {\n\t\t\t\tawait ctx.context.password.hash(password);\n\t\t\t\tctx.context.logger.error(\"Password not found\", { email });\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst validPassword = await ctx.context.password.verify({\n\t\t\t\thash: currentPassword,\n\t\t\t\tpassword,\n\t\t\t});\n\t\t\tif (!validPassword) {\n\t\t\t\tctx.context.logger.error(\"Invalid password\");\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tctx.context.options?.emailAndPassword?.requireEmailVerification &&\n\t\t\t\t!user.user.emailVerified\n\t\t\t) {\n\t\t\t\tif (!ctx.context.options?.emailVerification?.sendVerificationEmail) {\n\t\t\t\t\tthrow APIError.from(\"FORBIDDEN\", BASE_ERROR_CODES.EMAIL_NOT_VERIFIED);\n\t\t\t\t}\n\n\t\t\t\tif (ctx.context.options?.emailVerification?.sendOnSignIn) {\n\t\t\t\t\tconst token = await createEmailVerificationToken(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tuser.user.email,\n\t\t\t\t\t\tundefined,\n\t\t\t\t\t\tctx.context.options.emailVerification?.expiresIn,\n\t\t\t\t\t);\n\t\t\t\t\tconst callbackURL = ctx.body.callbackURL\n\t\t\t\t\t\t? encodeURIComponent(ctx.body.callbackURL)\n\t\t\t\t\t\t: encodeURIComponent(\"/\");\n\t\t\t\t\tconst url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${callbackURL}`;\n\t\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\t\tctx.context.options.emailVerification.sendVerificationEmail(\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tuser: user.user,\n\t\t\t\t\t\t\t\turl,\n\t\t\t\t\t\t\t\ttoken,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t),\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tthrow APIError.from(\"FORBIDDEN\", BASE_ERROR_CODES.EMAIL_NOT_VERIFIED);\n\t\t\t}\n\n\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\tuser.user.id,\n\t\t\t\tctx.body.rememberMe === false,\n\t\t\t);\n\n\t\t\tif (!session) {\n\t\t\t\tctx.context.logger.error(\"Failed to create session\");\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_SESSION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait setSessionCookie(\n\t\t\t\tctx,\n\t\t\t\t{\n\t\t\t\t\tsession,\n\t\t\t\t\tuser: user.user,\n\t\t\t\t},\n\t\t\t\tctx.body.rememberMe === false,\n\t\t\t);\n\n\t\t\tif (ctx.body.callbackURL) {\n\t\t\t\tctx.setHeader(\"Location\", ctx.body.callbackURL);\n\t\t\t}\n\n\t\t\treturn ctx.json({\n\t\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\t\ttoken: session.token,\n\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user.user) as User<\n\t\t\t\t\tO[\"user\"],\n\t\t\t\t\tO[\"plugins\"]\n\t\t\t\t>,\n\t\t\t});\n\t\t},\n\t);\n"],"mappings":";;;;;;;;;;;;;;AAcA,MAAM,yBAAyB,EAAE,OAAO;CAKvC,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,4DACb,CAAC,CACD,UAAU;CAMZ,oBAAoB,EAAE,QAAQ,CAAC,UAAU;CAOzC,kBAAkB,EAChB,QAAQ,CACR,KAAK,EACL,aAAa,mDACb,CAAC,CACD,UAAU;CAIZ,UAAU;CAOV,iBAAiB,EACf,SAAS,CACT,KAAK,EACL,aACC,+FACD,CAAC,CACD,UAAU;CAYZ,SAAS,EAAE,SACV,EAAE,OAAO;EAIR,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,8BACb,CAAC;EAIF,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,oCACb,CAAC,CACD,UAAU;EAIZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,kCACb,CAAC,CACD,UAAU;EAIZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,mCACb,CAAC,CACD,UAAU;EAIZ,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,4BACb,CAAC,CACD,UAAU;EAKZ,MAAM,EACJ,OAAO;GACP,MAAM,EACJ,OAAO;IACP,WAAW,EAAE,QAAQ,CAAC,UAAU;IAChC,UAAU,EAAE,QAAQ,CAAC,UAAU;IAC/B,CAAC,CACD,UAAU;GACZ,OAAO,EAAE,QAAQ,CAAC,UAAU;GAC5B,CAAC,CACD,KAAK,EACL,aACC,oFACD,CAAC,CACD,UAAU;EACZ,CAAC,CACF;CACD,QAAQ,EACN,MAAM,EAAE,QAAQ,CAAC,CACjB,KAAK,EACL,aACC,+FACD,CAAC,CACD,UAAU;CAQZ,eAAe,EACb,SAAS,CACT,KAAK,EACL,aACC,2FACD,CAAC,CACD,UAAU;CAIZ,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,4DACb,CAAC,CACD,UAAU;CAIZ,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU,CAAC,KAAK,EAC7D,aAAa,uDACb,CAAC;CACF,CAAC;AAEF,MAAa,qBACZ,mBACC,mBACA;CACC,QAAQ;CACR,aAAa;CACb,MAAM;CACN,UAAU;EACT,QAAQ;GACP,MAAM,EAAE;GACR,UAAU,EAAE;GAMZ;EACD,SAAS;GACR,aAAa;GACb,aAAa;GACb,WAAW,EACV,OAAO;IACN,aACC;IACD,SAAS,EACR,oBAAoB,EACnB,QAAQ;KAEP,MAAM;KACN,aAAa;KACb,YAAY;MACX,OAAO,EACN,MAAM,UACN;MACD,MAAM;OACL,MAAM;OACN,MAAM;OACN;MACD,KAAK,EACJ,MAAM,UACN;MACD,UAAU;OACT,MAAM;OACN,MAAM,CAAC,MAAM;OACb;MACD;KACD,UAAU;MAAC;MAAY;MAAS;MAAO;KACvC,EACD,EACD;IACD,EACD;GACD;EACD;CACD,EACD,OACC,MASI;CACJ,MAAM,WAAW,MAAM,kBAAkB,EAAE,QAAQ,iBAAiB,EACnE,OAAO,EAAE,KAAK,UACd,CAAC;AACF,KAAI,CAAC,UAAU;AACd,IAAE,QAAQ,OAAO,MAChB,yEACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,QAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;;AAGtE,KAAI,EAAE,KAAK,SAAS;AACnB,MAAI,CAAC,SAAS,eAAe;AAC5B,KAAE,QAAQ,OAAO,MAChB,mDACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,SAAM,SAAS,KACd,aACA,iBAAiB,uBACjB;;EAEF,MAAM,EAAE,OAAO,UAAU,EAAE,KAAK;AAEhC,MAAI,CADU,MAAM,SAAS,cAAc,OAAO,MAAM,EAC5C;AACX,KAAE,QAAQ,OAAO,MAAM,oBAAoB,EAC1C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KAAK,gBAAgB,iBAAiB,cAAc;;EAEpE,MAAM,WAAW,MAAM,SAAS,YAAY;GAC3C,SAAS;GACT,aAAa,EAAE,KAAK,QAAQ;GAC5B,cAAc,EAAE,KAAK,QAAQ;GAC7B,MAAM,EAAE,KAAK,QAAQ;GACrB,CAAC;AACF,MAAI,CAAC,YAAY,CAAC,UAAU,MAAM;AACjC,KAAE,QAAQ,OAAO,MAAM,2BAA2B,EACjD,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,wBACjB;;AAEF,MAAI,CAAC,SAAS,KAAK,OAAO;AACzB,KAAE,QAAQ,OAAO,MAAM,wBAAwB,EAC9C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,qBACjB;;EAEF,MAAM,OAAO,MAAM,oBAAoB,GAAG;GACzC,UAAU;IACT,GAAG,SAAS;IACZ,OAAO,SAAS,KAAK;IACrB,IAAI,OAAO,SAAS,KAAK,GAAG;IAC5B,MAAM,SAAS,KAAK,QAAQ;IAC5B,OAAO,SAAS,KAAK;IACrB,eAAe,SAAS,KAAK,iBAAiB;IAC9C;GACD,SAAS;IACR,YAAY,SAAS;IACrB,WAAW,OAAO,SAAS,KAAK,GAAG;IACnC,aAAa,EAAE,KAAK,QAAQ;IAC5B;GACD,aAAa,EAAE,KAAK;GACpB,eACE,SAAS,yBAAyB,CAAC,EAAE,KAAK,iBAC3C,SAAS;GACV,CAAC;AACF,MAAI,KAAK,MACR,OAAM,SAAS,KAAK,gBAAgB;GACnC,SAAS,KAAK;GACd,MAAM;GACN,CAAC;AAEH,QAAM,iBAAiB,GAAG,KAAK,KAAM;AACrC,SAAO,EAAE,KAAK;GACb,UAAU;GACV,OAAO,KAAK,KAAM,QAAQ;GAC1B,KAAK;GACL,MAAM,gBAAgB,EAAE,QAAQ,SAAS,KAAK,KAAM,KAAK;GAIzD,CAAC;;CAGH,MAAM,EAAE,cAAc,UAAU,MAAM,cACrC,GACA,QACA,EAAE,KAAK,eACP;CACD,MAAM,MAAM,MAAM,SAAS,uBAAuB;EACjD;EACA;EACA,aAAa,GAAG,EAAE,QAAQ,QAAQ,YAAY,SAAS;EACvD,QAAQ,EAAE,KAAK;EACf,WAAW,EAAE,KAAK;EAClB,CAAC;AAEF,KAAI,CAAC,EAAE,KAAK,gBACX,GAAE,UAAU,YAAY,IAAI,UAAU,CAAC;AAGxC,QAAO,EAAE,KAAK;EACb,KAAK,IAAI,UAAU;EACnB,UAAU,CAAC,EAAE,KAAK;EAClB,CAAC;EAEH;AAEF,MAAa,oBACZ,mBACC,kBACA;CACC,QAAQ;CACR,aAAa;CACb,KAAK,CAAC,mBAAmB;CACzB,MAAM,EAAE,OAAO;EAId,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,qBACb,CAAC;EAIF,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,wBACb,CAAC;EAKF,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aACC,4DACD,CAAC,CACD,UAAU;EAKZ,YAAY,EACV,SAAS,CACT,KAAK,EACL,aACC,4EACD,CAAC,CACD,QAAQ,KAAK,CACb,UAAU;EACZ,CAAC;CACF,UAAU;EACT,mBAAmB,CAClB,qCACA,mBACA;EACD,QAAQ;GACP,MAAM,EAAE;GAMR,UAAU,EAAE;GAMZ;EACD,SAAS;GACR,aAAa;GACb,aAAa;GACb,WAAW,EACV,OAAO;IACN,aACC;IACD,SAAS,EACR,oBAAoB,EACnB,QAAQ;KAEP,MAAM;KACN,aAAa;KACb,YAAY;MACX,UAAU;OACT,MAAM;OACN,MAAM,CAAC,MAAM;OACb;MACD,OAAO;OACN,MAAM;OACN,aAAa;OACb;MACD,KAAK;OACJ,MAAM;OACN,UAAU;OACV;MACD,MAAM;OACL,MAAM;OACN,MAAM;OACN;MACD;KACD,UAAU;MAAC;MAAY;MAAS;MAAO;KACvC,EACD,EACD;IACD,EACD;GACD;EACD;CACD,EACD,OACC,QAMK;AACL,KAAI,CAAC,IAAI,QAAQ,SAAS,kBAAkB,SAAS;AACpD,MAAI,QAAQ,OAAO,MAClB,+KACA;AACD,QAAM,SAAS,KAAK,eAAe;GAClC,MAAM;GACN,SAAS;GACT,CAAC;;CAEH,MAAM,EAAE,OAAO,aAAa,IAAI;AAEhC,KAAI,CADiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAC7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;CAEnE,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,OAAO,EACrE,iBAAiB,MACjB,CAAC;AAEF,KAAI,CAAC,MAAM;AAGV,QAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;AACzC,MAAI,QAAQ,OAAO,MAAM,kBAAkB,EAAE,OAAO,CAAC;AACrD,QAAM,SAAS,KACd,gBACA,iBAAiB,0BACjB;;CAGF,MAAM,oBAAoB,KAAK,SAAS,MACtC,MAAM,EAAE,eAAe,aACxB;AACD,KAAI,CAAC,mBAAmB;AACvB,QAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;AACzC,MAAI,QAAQ,OAAO,MAAM,gCAAgC,EAAE,OAAO,CAAC;AACnE,QAAM,SAAS,KACd,gBACA,iBAAiB,0BACjB;;CAEF,MAAM,kBAAkB,mBAAmB;AAC3C,KAAI,CAAC,iBAAiB;AACrB,QAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;AACzC,MAAI,QAAQ,OAAO,MAAM,sBAAsB,EAAE,OAAO,CAAC;AACzD,QAAM,SAAS,KACd,gBACA,iBAAiB,0BACjB;;AAMF,KAAI,CAJkB,MAAM,IAAI,QAAQ,SAAS,OAAO;EACvD,MAAM;EACN;EACA,CAAC,EACkB;AACnB,MAAI,QAAQ,OAAO,MAAM,mBAAmB;AAC5C,QAAM,SAAS,KACd,gBACA,iBAAiB,0BACjB;;AAGF,KACC,IAAI,QAAQ,SAAS,kBAAkB,4BACvC,CAAC,KAAK,KAAK,eACV;AACD,MAAI,CAAC,IAAI,QAAQ,SAAS,mBAAmB,sBAC5C,OAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;AAGtE,MAAI,IAAI,QAAQ,SAAS,mBAAmB,cAAc;GACzD,MAAM,QAAQ,MAAM,6BACnB,IAAI,QAAQ,QACZ,KAAK,KAAK,OACV,QACA,IAAI,QAAQ,QAAQ,mBAAmB,UACvC;GACD,MAAM,cAAc,IAAI,KAAK,cAC1B,mBAAmB,IAAI,KAAK,YAAY,GACxC,mBAAmB,IAAI;GAC1B,MAAM,MAAM,GAAG,IAAI,QAAQ,QAAQ,sBAAsB,MAAM,eAAe;AAC9E,SAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,kBAAkB,sBACrC;IACC,MAAM,KAAK;IACX;IACA;IACA,EACD,IAAI,QACJ,CACD;;AAGF,QAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;;CAGtE,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,KAAK,KAAK,IACV,IAAI,KAAK,eAAe,MACxB;AAED,KAAI,CAAC,SAAS;AACb,MAAI,QAAQ,OAAO,MAAM,2BAA2B;AACpD,QAAM,SAAS,KACd,gBACA,iBAAiB,yBACjB;;AAGF,OAAM,iBACL,KACA;EACC;EACA,MAAM,KAAK;EACX,EACD,IAAI,KAAK,eAAe,MACxB;AAED,KAAI,IAAI,KAAK,YACZ,KAAI,UAAU,YAAY,IAAI,KAAK,YAAY;AAGhD,QAAO,IAAI,KAAK;EACf,UAAU,CAAC,CAAC,IAAI,KAAK;EACrB,OAAO,QAAQ;EACf,KAAK,IAAI,KAAK;EACd,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,KAAK;EAIrD,CAAC;EAEH"}
package/dist/api/routes/sign-up.d.mts CHANGED
@@ -1,5 +1,4 @@
1
1
  import { AdditionalUserFieldsInput, User } from "../../types/models.mjs";
2
- import "../../types/index.mjs";
3
2
  import { BetterAuthOptions } from "@better-auth/core";
4
3
  import * as better_call0 from "better-call";
5
4
  import * as z from "zod";
package/dist/api/routes/sign-up.mjs CHANGED
@@ -159,7 +159,8 @@ const signUpEmail = () => createAuthEndpoint("/sign-up/email", {
159
159
  ctx.context.logger.error("Password is too long");
160
160
  throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.PASSWORD_TOO_LONG);
161
161
  }
162
- const shouldReturnGenericDuplicateResponse = ctx.context.options.emailAndPassword.autoSignIn === false || ctx.context.options.emailAndPassword.requireEmailVerification;
162
+ const shouldReturnGenericDuplicateResponse = ctx.context.options.emailAndPassword.requireEmailVerification;
163
+ const shouldSkipAutoSignIn = ctx.context.options.emailAndPassword.autoSignIn === false || shouldReturnGenericDuplicateResponse;
163
164
  const additionalUserFields = parseUserInput(ctx.context.options, rest, "create");
164
165
  const normalizedEmail = email.toLowerCase();
165
166
  const dbUser = await ctx.context.internalAdapter.findUserByEmail(normalizedEmail);
@@ -247,7 +248,7 @@ const signUpEmail = () => createAuthEndpoint("/sign-up/email", {
247
248
  token
248
249
  }, ctx.request));
249
250
  }
250
- if (shouldReturnGenericDuplicateResponse) return ctx.json({
251
+ if (shouldSkipAutoSignIn) return ctx.json({
251
252
  token: null,
252
253
  user: parseUserOutput(ctx.context.options, createdUser)
253
254
  });
package/dist/api/routes/sign-up.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sign-up.mjs","names":[],"sources":["../../../src/api/routes/sign-up.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { runWithTransaction } from \"@better-auth/core/context\";\nimport { isDevelopment } from \"@better-auth/core/env\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { generateId } from \"@better-auth/core/utils/id\";\nimport * as z from \"zod\";\nimport { setSessionCookie } from \"../../cookies\";\nimport { parseUserInput } from \"../../db\";\nimport { parseUserOutput } from \"../../db/schema\";\nimport type { AdditionalUserFieldsInput, User } from \"../../types\";\nimport { isAPIError } from \"../../utils/is-api-error\";\nimport { formCsrfMiddleware } from \"../middlewares/origin-check\";\nimport { createEmailVerificationToken } from \"./email-verification\";\n\nconst signUpEmailBodySchema = z\n\t.object({\n\t\tname: z.string(),\n\t\temail: z.email(),\n\t\tpassword: z.string().nonempty(),\n\t\timage: z.string().optional(),\n\t\tcallbackURL: z.string().optional(),\n\t\trememberMe: z.boolean().optional(),\n\t})\n\t.and(z.record(z.string(), z.any()));\n\nexport const signUpEmail = <O extends BetterAuthOptions>() =>\n\tcreateAuthEndpoint(\n\t\t\"/sign-up/email\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\toperationId: \"signUpWithEmailAndPassword\",\n\t\t\tuse: [formCsrfMiddleware],\n\t\t\tbody: signUpEmailBodySchema,\n\t\t\tmetadata: {\n\t\t\t\tallowedMediaTypes: [\n\t\t\t\t\t\"application/x-www-form-urlencoded\",\n\t\t\t\t\t\"application/json\",\n\t\t\t\t],\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\tname: string;\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword: string;\n\t\t\t\t\t\timage?: string | undefined;\n\t\t\t\t\t\tcallbackURL?: string | undefined;\n\t\t\t\t\t\trememberMe?: boolean | undefined;\n\t\t\t\t\t} & AdditionalUserFieldsInput<O>,\n\t\t\t\t\treturned: {} as {\n\t\t\t\t\t\ttoken: string | null;\n\t\t\t\t\t\tuser: User<O[\"user\"], O[\"plugins\"]>;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"signUpWithEmailAndPassword\",\n\t\t\t\t\tdescription: \"Sign up a user using email and password\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The name of the user\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The email of the user\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tpassword: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The password of the user\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The profile image URL of the user\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tcallbackURL: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"The URL to use for email verification callback\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trememberMe: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"If this is false, the session will not be remembered. Default is `true`.\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"name\", \"email\", \"password\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Successfully created user\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Authentication token for the session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The unique identifier of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"email\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The email address of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The name of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"uri\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The profile image URL of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\temailVerified: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Whether the email has been verified\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"When the user was created\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"When the user was last updated\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\trequired: [\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"id\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"email\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"name\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"emailVerified\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"createdAt\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"updatedAt\",\n\t\t\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"user\"], // token is optional\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"422\": {\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Unprocessable Entity. User already exists or failed to create user.\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\treturn runWithTransaction(ctx.context.adapter, async () => {\n\t\t\t\tif (\n\t\t\t\t\t!ctx.context.options.emailAndPassword?.enabled ||\n\t\t\t\t\tctx.context.options.emailAndPassword?.disableSignUp\n\t\t\t\t) {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\t\t\tmessage: \"Email and password sign up is not enabled\",\n\t\t\t\t\t\tcode: \"EMAIL_PASSWORD_SIGN_UP_DISABLED\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tconst body = ctx.body as any as User & {\n\t\t\t\t\tpassword: string;\n\t\t\t\t\tcallbackURL?: string | undefined;\n\t\t\t\t\trememberMe?: boolean | undefined;\n\t\t\t\t} & {\n\t\t\t\t\t[key: string]: any;\n\t\t\t\t};\n\t\t\t\tconst {\n\t\t\t\t\tname,\n\t\t\t\t\temail,\n\t\t\t\t\tpassword,\n\t\t\t\t\timage,\n\t\t\t\t\tcallbackURL: _callbackURL,\n\t\t\t\t\trememberMe,\n\t\t\t\t\t...rest\n\t\t\t\t} = body;\n\t\t\t\tconst isValidEmail = z.email().safeParse(email);\n\n\t\t\t\tif (!isValidEmail.success) {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t\t}\n\n\t\t\t\tif (!password || typeof password !== \"string\") {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_PASSWORD);\n\t\t\t\t}\n\n\t\t\t\tconst minPasswordLength = ctx.context.password.config.minPasswordLength;\n\t\t\t\tif (password.length < minPasswordLength) {\n\t\t\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tBASE_ERROR_CODES.PASSWORD_TOO_SHORT,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst maxPasswordLength = ctx.context.password.config.maxPasswordLength;\n\t\t\t\tif (password.length > maxPasswordLength) {\n\t\t\t\t\tctx.context.logger.error(\"Password is too long\");\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tBASE_ERROR_CODES.PASSWORD_TOO_LONG,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst shouldReturnGenericDuplicateResponse =\n\t\t\t\t\tctx.context.options.emailAndPassword.autoSignIn === false ||\n\t\t\t\t\tctx.context.options.emailAndPassword.requireEmailVerification;\n\t\t\t\tconst additionalUserFields = parseUserInput(\n\t\t\t\t\tctx.context.options,\n\t\t\t\t\trest,\n\t\t\t\t\t\"create\",\n\t\t\t\t);\n\t\t\t\tconst normalizedEmail = email.toLowerCase();\n\t\t\t\tconst dbUser =\n\t\t\t\t\tawait ctx.context.internalAdapter.findUserByEmail(normalizedEmail);\n\t\t\t\tif (dbUser?.user) {\n\t\t\t\t\tctx.context.logger.info(\n\t\t\t\t\t\t`Sign-up attempt for existing email: ${email}`,\n\t\t\t\t\t);\n\t\t\t\t\tif (shouldReturnGenericDuplicateResponse) {\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * Hash the password to reduce timing differences\n\t\t\t\t\t\t * between existing and non-existing emails.\n\t\t\t\t\t\t */\n\t\t\t\t\t\tawait ctx.context.password.hash(password);\n\t\t\t\t\t\tif (ctx.context.options.emailAndPassword?.onExistingUserSignUp) {\n\t\t\t\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\t\t\t\tctx.context.options.emailAndPassword.onExistingUserSignUp(\n\t\t\t\t\t\t\t\t\t{ user: dbUser.user },\n\t\t\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst now = new Date();\n\t\t\t\t\t\tconst generatedId =\n\t\t\t\t\t\t\tctx.context.generateId({ model: \"user\" }) || generateId();\n\t\t\t\t\t\tconst coreFields = {\n\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\temail: normalizedEmail,\n\t\t\t\t\t\t\temailVerified: false,\n\t\t\t\t\t\t\timage: image || null,\n\t\t\t\t\t\t\tcreatedAt: now,\n\t\t\t\t\t\t\tupdatedAt: now,\n\t\t\t\t\t\t};\n\n\t\t\t\t\t\tconst customSyntheticUser =\n\t\t\t\t\t\t\tctx.context.options.emailAndPassword?.customSyntheticUser;\n\n\t\t\t\t\t\tlet syntheticUser: Record<string, unknown>;\n\t\t\t\t\t\tif (customSyntheticUser) {\n\t\t\t\t\t\t\t// Extract only user-defined additionalFields (not plugin fields)\n\t\t\t\t\t\t\tconst additionalFieldKeys = Object.keys(\n\t\t\t\t\t\t\t\tctx.context.options.user?.additionalFields ?? {},\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tconst additionalFields: Record<string, unknown> = {};\n\t\t\t\t\t\t\tfor (const key of additionalFieldKeys) {\n\t\t\t\t\t\t\t\tif (key in additionalUserFields) {\n\t\t\t\t\t\t\t\t\tadditionalFields[key] = additionalUserFields[key];\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tsyntheticUser = customSyntheticUser({\n\t\t\t\t\t\t\t\tcoreFields,\n\t\t\t\t\t\t\t\tadditionalFields,\n\t\t\t\t\t\t\t\tid: generatedId,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tsyntheticUser = {\n\t\t\t\t\t\t\t\t...coreFields,\n\t\t\t\t\t\t\t\t...additionalUserFields,\n\t\t\t\t\t\t\t\tid: generatedId,\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\t\ttoken: null,\n\t\t\t\t\t\t\tuser: parseUserOutput(\n\t\t\t\t\t\t\t\tctx.context.options,\n\t\t\t\t\t\t\t\tsyntheticUser as User,\n\t\t\t\t\t\t\t) as User<O[\"user\"], O[\"plugins\"]>,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNPROCESSABLE_ENTITY\",\n\t\t\t\t\t\tBASE_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\t/**\n\t\t\t\t * Hash the password\n\t\t\t\t *\n\t\t\t\t * This is done prior to creating the user\n\t\t\t\t * to ensure that any plugin that\n\t\t\t\t * may break the hashing should break\n\t\t\t\t * before the user is created.\n\t\t\t\t */\n\t\t\t\tconst hash = await ctx.context.password.hash(password);\n\t\t\t\tlet createdUser: User;\n\t\t\t\ttry {\n\t\t\t\t\tcreatedUser = await ctx.context.internalAdapter.createUser({\n\t\t\t\t\t\temail: normalizedEmail,\n\t\t\t\t\t\tname,\n\t\t\t\t\t\timage,\n\t\t\t\t\t\t...additionalUserFields,\n\t\t\t\t\t\temailVerified: false,\n\t\t\t\t\t});\n\t\t\t\t\tif (!createdUser) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {\n\t\t\t\t\tif (isDevelopment()) {\n\t\t\t\t\t\tctx.context.logger.error(\"Failed to create user\", e);\n\t\t\t\t\t}\n\t\t\t\t\tif (isAPIError(e)) {\n\t\t\t\t\t\tthrow e;\n\t\t\t\t\t}\n\t\t\t\t\tctx.context.logger?.error(\"Failed to create user\", e);\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNPROCESSABLE_ENTITY\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (!createdUser) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNPROCESSABLE_ENTITY\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\tuserId: createdUser.id,\n\t\t\t\t\tproviderId: \"credential\",\n\t\t\t\t\taccountId: createdUser.id,\n\t\t\t\t\tpassword: hash,\n\t\t\t\t});\n\t\t\t\tconst shouldSendVerificationEmail =\n\t\t\t\t\tctx.context.options.emailVerification?.sendOnSignUp ??\n\t\t\t\t\tctx.context.options.emailAndPassword.requireEmailVerification;\n\t\t\t\tif (shouldSendVerificationEmail) {\n\t\t\t\t\tconst token = await createEmailVerificationToken(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tcreatedUser.email,\n\t\t\t\t\t\tundefined,\n\t\t\t\t\t\tctx.context.options.emailVerification?.expiresIn,\n\t\t\t\t\t);\n\t\t\t\t\tconst callbackURL = body.callbackURL\n\t\t\t\t\t\t? encodeURIComponent(body.callbackURL)\n\t\t\t\t\t\t: encodeURIComponent(\"/\");\n\t\t\t\t\tconst url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${callbackURL}`;\n\n\t\t\t\t\tif (ctx.context.options.emailVerification?.sendVerificationEmail) {\n\t\t\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\t\t\tctx.context.options.emailVerification.sendVerificationEmail(\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\tuser: createdUser,\n\t\t\t\t\t\t\t\t\turl,\n\t\t\t\t\t\t\t\t\ttoken,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t\t),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (shouldReturnGenericDuplicateResponse) {\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\ttoken: null,\n\t\t\t\t\t\tuser: parseUserOutput(ctx.context.options, createdUser) as User<\n\t\t\t\t\t\t\tO[\"user\"],\n\t\t\t\t\t\t\tO[\"plugins\"]\n\t\t\t\t\t\t>,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\tcreatedUser.id,\n\t\t\t\t\trememberMe === false,\n\t\t\t\t);\n\t\t\t\tif (!session) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_SESSION,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tawait setSessionCookie(\n\t\t\t\t\tctx,\n\t\t\t\t\t{\n\t\t\t\t\t\tsession,\n\t\t\t\t\t\tuser: createdUser,\n\t\t\t\t\t},\n\t\t\t\t\trememberMe === false,\n\t\t\t\t);\n\t\t\t\treturn ctx.json({\n\t\t\t\t\ttoken: session.token,\n\t\t\t\t\tuser: parseUserOutput(ctx.context.options, createdUser) as User<\n\t\t\t\t\t\tO[\"user\"],\n\t\t\t\t\t\tO[\"plugins\"]\n\t\t\t\t\t>,\n\t\t\t\t});\n\t\t\t});\n\t\t},\n\t);\n"],"mappings":";;;;;;;;;;;;;;AAeA,MAAM,wBAAwB,EAC5B,OAAO;CACP,MAAM,EAAE,QAAQ;CAChB,OAAO,EAAE,OAAO;CAChB,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC5B,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,YAAY,EAAE,SAAS,CAAC,UAAU;CAClC,CAAC,CACD,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC;AAEpC,MAAa,oBACZ,mBACC,kBACA;CACC,QAAQ;CACR,aAAa;CACb,KAAK,CAAC,mBAAmB;CACzB,MAAM;CACN,UAAU;EACT,mBAAmB,CAClB,qCACA,mBACA;EACD,QAAQ;GACP,MAAM,EAAE;GAQR,UAAU,EAAE;GAIZ;EACD,SAAS;GACR,aAAa;GACb,aAAa;GACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,MAAM;MACL,MAAM;MACN,aAAa;MACb;KACD,OAAO;MACN,MAAM;MACN,aAAa;MACb;KACD,UAAU;MACT,MAAM;MACN,aAAa;MACb;KACD,OAAO;MACN,MAAM;MACN,aAAa;MACb;KACD,aAAa;MACZ,MAAM;MACN,aACC;MACD;KACD,YAAY;MACX,MAAM;MACN,aACC;MACD;KACD;IACD,UAAU;KAAC;KAAQ;KAAS;KAAW;IACvC,EACD,EACD,EACD;GACD,WAAW;IACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO;QACN,MAAM;QACN,UAAU;QACV,aAAa;QACb;OACD,MAAM;QACL,MAAM;QACN,YAAY;SACX,IAAI;UACH,MAAM;UACN,aAAa;UACb;SACD,OAAO;UACN,MAAM;UACN,QAAQ;UACR,aAAa;UACb;SACD,MAAM;UACL,MAAM;UACN,aAAa;UACb;SACD,OAAO;UACN,MAAM;UACN,QAAQ;UACR,UAAU;UACV,aAAa;UACb;SACD,eAAe;UACd,MAAM;UACN,aAAa;UACb;SACD,WAAW;UACV,MAAM;UACN,QAAQ;UACR,aAAa;UACb;SACD,WAAW;UACV,MAAM;UACN,QAAQ;UACR,aAAa;UACb;SACD;QACD,UAAU;SACT;SACA;SACA;SACA;SACA;SACA;SACA;QACD;OACD;MACD,UAAU,CAAC,OAAO;MAClB,EACD,EACD;KACD;IACD,OAAO;KACN,aACC;KACD,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;MACD,EACD,EACD;KACD;IACD;GACD;EACD;CACD,EACD,OAAO,QAAQ;AACd,QAAO,mBAAmB,IAAI,QAAQ,SAAS,YAAY;AAC1D,MACC,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,WACvC,IAAI,QAAQ,QAAQ,kBAAkB,cAEtC,OAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;EAEH,MAAM,OAAO,IAAI;EAOjB,MAAM,EACL,MACA,OACA,UACA,OACA,aAAa,cACb,YACA,GAAG,SACA;AAGJ,MAAI,CAFiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAE7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;AAGnE,MAAI,CAAC,YAAY,OAAO,aAAa,SACpC,OAAM,SAAS,KAAK,eAAe,iBAAiB,iBAAiB;EAGtE,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,MAAI,SAAS,SAAS,mBAAmB;AACxC,OAAI,QAAQ,OAAO,MAAM,wBAAwB;AACjD,SAAM,SAAS,KACd,eACA,iBAAiB,mBACjB;;EAGF,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,MAAI,SAAS,SAAS,mBAAmB;AACxC,OAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,SAAM,SAAS,KACd,eACA,iBAAiB,kBACjB;;EAEF,MAAM,uCACL,IAAI,QAAQ,QAAQ,iBAAiB,eAAe,SACpD,IAAI,QAAQ,QAAQ,iBAAiB;EACtC,MAAM,uBAAuB,eAC5B,IAAI,QAAQ,SACZ,MACA,SACA;EACD,MAAM,kBAAkB,MAAM,aAAa;EAC3C,MAAM,SACL,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,gBAAgB;AACnE,MAAI,QAAQ,MAAM;AACjB,OAAI,QAAQ,OAAO,KAClB,uCAAuC,QACvC;AACD,OAAI,sCAAsC;;;;;AAKzC,UAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;AACzC,QAAI,IAAI,QAAQ,QAAQ,kBAAkB,qBACzC,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,iBAAiB,qBACpC,EAAE,MAAM,OAAO,MAAM,EACrB,IAAI,QACJ,CACD;IAEF,MAAM,sBAAM,IAAI,MAAM;IACtB,MAAM,cACL,IAAI,QAAQ,WAAW,EAAE,OAAO,QAAQ,CAAC,IAAI,YAAY;IAC1D,MAAM,aAAa;KAClB;KACA,OAAO;KACP,eAAe;KACf,OAAO,SAAS;KAChB,WAAW;KACX,WAAW;KACX;IAED,MAAM,sBACL,IAAI,QAAQ,QAAQ,kBAAkB;IAEvC,IAAI;AACJ,QAAI,qBAAqB;KAExB,MAAM,sBAAsB,OAAO,KAClC,IAAI,QAAQ,QAAQ,MAAM,oBAAoB,EAAE,CAChD;KACD,MAAM,mBAA4C,EAAE;AACpD,UAAK,MAAM,OAAO,oBACjB,KAAI,OAAO,qBACV,kBAAiB,OAAO,qBAAqB;AAG/C,qBAAgB,oBAAoB;MACnC;MACA;MACA,IAAI;MACJ,CAAC;UAEF,iBAAgB;KACf,GAAG;KACH,GAAG;KACH,IAAI;KACJ;AAGF,WAAO,IAAI,KAAK;KACf,OAAO;KACP,MAAM,gBACL,IAAI,QAAQ,SACZ,cACA;KACD,CAAC;;AAEH,SAAM,SAAS,KACd,wBACA,iBAAiB,sCACjB;;;;;;;;;;EAUF,MAAM,OAAO,MAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;EACtD,IAAI;AACJ,MAAI;AACH,iBAAc,MAAM,IAAI,QAAQ,gBAAgB,WAAW;IAC1D,OAAO;IACP;IACA;IACA,GAAG;IACH,eAAe;IACf,CAAC;AACF,OAAI,CAAC,YACJ,OAAM,SAAS,KACd,eACA,iBAAiB,sBACjB;WAEM,GAAG;AACX,OAAI,eAAe,CAClB,KAAI,QAAQ,OAAO,MAAM,yBAAyB,EAAE;AAErD,OAAI,WAAW,EAAE,CAChB,OAAM;AAEP,OAAI,QAAQ,QAAQ,MAAM,yBAAyB,EAAE;AACrD,SAAM,SAAS,KACd,wBACA,iBAAiB,sBACjB;;AAEF,MAAI,CAAC,YACJ,OAAM,SAAS,KACd,wBACA,iBAAiB,sBACjB;AAEF,QAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,QAAQ,YAAY;GACpB,YAAY;GACZ,WAAW,YAAY;GACvB,UAAU;GACV,CAAC;AAIF,MAFC,IAAI,QAAQ,QAAQ,mBAAmB,gBACvC,IAAI,QAAQ,QAAQ,iBAAiB,0BACL;GAChC,MAAM,QAAQ,MAAM,6BACnB,IAAI,QAAQ,QACZ,YAAY,OACZ,QACA,IAAI,QAAQ,QAAQ,mBAAmB,UACvC;GACD,MAAM,cAAc,KAAK,cACtB,mBAAmB,KAAK,YAAY,GACpC,mBAAmB,IAAI;GAC1B,MAAM,MAAM,GAAG,IAAI,QAAQ,QAAQ,sBAAsB,MAAM,eAAe;AAE9E,OAAI,IAAI,QAAQ,QAAQ,mBAAmB,sBAC1C,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,kBAAkB,sBACrC;IACC,MAAM;IACN;IACA;IACA,EACD,IAAI,QACJ,CACD;;AAIH,MAAI,qCACH,QAAO,IAAI,KAAK;GACf,OAAO;GACP,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY;GAIvD,CAAC;EAGH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,YAAY,IACZ,eAAe,MACf;AACD,MAAI,CAAC,QACJ,OAAM,SAAS,KACd,eACA,iBAAiB,yBACjB;AAEF,QAAM,iBACL,KACA;GACC;GACA,MAAM;GACN,EACD,eAAe,MACf;AACD,SAAO,IAAI,KAAK;GACf,OAAO,QAAQ;GACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY;GAIvD,CAAC;GACD;EAEH"}
1
+ {"version":3,"file":"sign-up.mjs","names":[],"sources":["../../../src/api/routes/sign-up.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { runWithTransaction } from \"@better-auth/core/context\";\nimport { isDevelopment } from \"@better-auth/core/env\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { generateId } from \"@better-auth/core/utils/id\";\nimport * as z from \"zod\";\nimport { setSessionCookie } from \"../../cookies\";\nimport { parseUserInput } from \"../../db\";\nimport { parseUserOutput } from \"../../db/schema\";\nimport type { AdditionalUserFieldsInput, User } from \"../../types\";\nimport { isAPIError } from \"../../utils/is-api-error\";\nimport { formCsrfMiddleware } from \"../middlewares/origin-check\";\nimport { createEmailVerificationToken } from \"./email-verification\";\n\nconst signUpEmailBodySchema = z\n\t.object({\n\t\tname: z.string(),\n\t\temail: z.email(),\n\t\tpassword: z.string().nonempty(),\n\t\timage: z.string().optional(),\n\t\tcallbackURL: z.string().optional(),\n\t\trememberMe: z.boolean().optional(),\n\t})\n\t.and(z.record(z.string(), z.any()));\n\nexport const signUpEmail = <O extends BetterAuthOptions>() =>\n\tcreateAuthEndpoint(\n\t\t\"/sign-up/email\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\toperationId: \"signUpWithEmailAndPassword\",\n\t\t\tuse: [formCsrfMiddleware],\n\t\t\tbody: signUpEmailBodySchema,\n\t\t\tmetadata: {\n\t\t\t\tallowedMediaTypes: [\n\t\t\t\t\t\"application/x-www-form-urlencoded\",\n\t\t\t\t\t\"application/json\",\n\t\t\t\t],\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\tname: string;\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword: string;\n\t\t\t\t\t\timage?: string | undefined;\n\t\t\t\t\t\tcallbackURL?: string | undefined;\n\t\t\t\t\t\trememberMe?: boolean | undefined;\n\t\t\t\t\t} & AdditionalUserFieldsInput<O>,\n\t\t\t\t\treturned: {} as {\n\t\t\t\t\t\ttoken: string | null;\n\t\t\t\t\t\tuser: User<O[\"user\"], O[\"plugins\"]>;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"signUpWithEmailAndPassword\",\n\t\t\t\t\tdescription: \"Sign up a user using email and password\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The name of the user\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The email of the user\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tpassword: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The password of the user\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The profile image URL of the user\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tcallbackURL: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"The URL to use for email verification callback\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trememberMe: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"If this is false, the session will not be remembered. Default is `true`.\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"name\", \"email\", \"password\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Successfully created user\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Authentication token for the session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The unique identifier of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"email\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The email address of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The name of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"uri\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The profile image URL of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\temailVerified: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Whether the email has been verified\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"When the user was created\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"When the user was last updated\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\trequired: [\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"id\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"email\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"name\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"emailVerified\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"createdAt\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"updatedAt\",\n\t\t\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"user\"], // token is optional\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"422\": {\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Unprocessable Entity. User already exists or failed to create user.\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\treturn runWithTransaction(ctx.context.adapter, async () => {\n\t\t\t\tif (\n\t\t\t\t\t!ctx.context.options.emailAndPassword?.enabled ||\n\t\t\t\t\tctx.context.options.emailAndPassword?.disableSignUp\n\t\t\t\t) {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\t\t\tmessage: \"Email and password sign up is not enabled\",\n\t\t\t\t\t\tcode: \"EMAIL_PASSWORD_SIGN_UP_DISABLED\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tconst body = ctx.body as any as User & {\n\t\t\t\t\tpassword: string;\n\t\t\t\t\tcallbackURL?: string | undefined;\n\t\t\t\t\trememberMe?: boolean | undefined;\n\t\t\t\t} & {\n\t\t\t\t\t[key: string]: any;\n\t\t\t\t};\n\t\t\t\tconst {\n\t\t\t\t\tname,\n\t\t\t\t\temail,\n\t\t\t\t\tpassword,\n\t\t\t\t\timage,\n\t\t\t\t\tcallbackURL: _callbackURL,\n\t\t\t\t\trememberMe,\n\t\t\t\t\t...rest\n\t\t\t\t} = body;\n\t\t\t\tconst isValidEmail = z.email().safeParse(email);\n\n\t\t\t\tif (!isValidEmail.success) {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t\t}\n\n\t\t\t\tif (!password || typeof password !== \"string\") {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_PASSWORD);\n\t\t\t\t}\n\n\t\t\t\tconst minPasswordLength = ctx.context.password.config.minPasswordLength;\n\t\t\t\tif (password.length < minPasswordLength) {\n\t\t\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tBASE_ERROR_CODES.PASSWORD_TOO_SHORT,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst maxPasswordLength = ctx.context.password.config.maxPasswordLength;\n\t\t\t\tif (password.length > maxPasswordLength) {\n\t\t\t\t\tctx.context.logger.error(\"Password is too long\");\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tBASE_ERROR_CODES.PASSWORD_TOO_LONG,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst shouldReturnGenericDuplicateResponse =\n\t\t\t\t\tctx.context.options.emailAndPassword.requireEmailVerification;\n\t\t\t\tconst shouldSkipAutoSignIn =\n\t\t\t\t\tctx.context.options.emailAndPassword.autoSignIn === false ||\n\t\t\t\t\tshouldReturnGenericDuplicateResponse;\n\t\t\t\tconst additionalUserFields = parseUserInput(\n\t\t\t\t\tctx.context.options,\n\t\t\t\t\trest,\n\t\t\t\t\t\"create\",\n\t\t\t\t);\n\t\t\t\tconst normalizedEmail = email.toLowerCase();\n\t\t\t\tconst dbUser =\n\t\t\t\t\tawait ctx.context.internalAdapter.findUserByEmail(normalizedEmail);\n\t\t\t\tif (dbUser?.user) {\n\t\t\t\t\tctx.context.logger.info(\n\t\t\t\t\t\t`Sign-up attempt for existing email: ${email}`,\n\t\t\t\t\t);\n\t\t\t\t\tif (shouldReturnGenericDuplicateResponse) {\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * Hash the password to reduce timing differences\n\t\t\t\t\t\t * between existing and non-existing emails.\n\t\t\t\t\t\t */\n\t\t\t\t\t\tawait ctx.context.password.hash(password);\n\t\t\t\t\t\tif (ctx.context.options.emailAndPassword?.onExistingUserSignUp) {\n\t\t\t\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\t\t\t\tctx.context.options.emailAndPassword.onExistingUserSignUp(\n\t\t\t\t\t\t\t\t\t{ user: dbUser.user },\n\t\t\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst now = new Date();\n\t\t\t\t\t\tconst generatedId =\n\t\t\t\t\t\t\tctx.context.generateId({ model: \"user\" }) || generateId();\n\t\t\t\t\t\tconst coreFields = {\n\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\temail: normalizedEmail,\n\t\t\t\t\t\t\temailVerified: false,\n\t\t\t\t\t\t\timage: image || null,\n\t\t\t\t\t\t\tcreatedAt: now,\n\t\t\t\t\t\t\tupdatedAt: now,\n\t\t\t\t\t\t};\n\n\t\t\t\t\t\tconst customSyntheticUser =\n\t\t\t\t\t\t\tctx.context.options.emailAndPassword?.customSyntheticUser;\n\n\t\t\t\t\t\tlet syntheticUser: Record<string, unknown>;\n\t\t\t\t\t\tif (customSyntheticUser) {\n\t\t\t\t\t\t\t// Extract only user-defined additionalFields (not plugin fields)\n\t\t\t\t\t\t\tconst additionalFieldKeys = Object.keys(\n\t\t\t\t\t\t\t\tctx.context.options.user?.additionalFields ?? {},\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tconst additionalFields: Record<string, unknown> = {};\n\t\t\t\t\t\t\tfor (const key of additionalFieldKeys) {\n\t\t\t\t\t\t\t\tif (key in additionalUserFields) {\n\t\t\t\t\t\t\t\t\tadditionalFields[key] = additionalUserFields[key];\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tsyntheticUser = customSyntheticUser({\n\t\t\t\t\t\t\t\tcoreFields,\n\t\t\t\t\t\t\t\tadditionalFields,\n\t\t\t\t\t\t\t\tid: generatedId,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tsyntheticUser = {\n\t\t\t\t\t\t\t\t...coreFields,\n\t\t\t\t\t\t\t\t...additionalUserFields,\n\t\t\t\t\t\t\t\tid: generatedId,\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\t\ttoken: null,\n\t\t\t\t\t\t\tuser: parseUserOutput(\n\t\t\t\t\t\t\t\tctx.context.options,\n\t\t\t\t\t\t\t\tsyntheticUser as User,\n\t\t\t\t\t\t\t) as User<O[\"user\"], O[\"plugins\"]>,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNPROCESSABLE_ENTITY\",\n\t\t\t\t\t\tBASE_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\t/**\n\t\t\t\t * Hash the password\n\t\t\t\t *\n\t\t\t\t * This is done prior to creating the user\n\t\t\t\t * to ensure that any plugin that\n\t\t\t\t * may break the hashing should break\n\t\t\t\t * before the user is created.\n\t\t\t\t */\n\t\t\t\tconst hash = await ctx.context.password.hash(password);\n\t\t\t\tlet createdUser: User;\n\t\t\t\ttry {\n\t\t\t\t\tcreatedUser = await ctx.context.internalAdapter.createUser({\n\t\t\t\t\t\temail: normalizedEmail,\n\t\t\t\t\t\tname,\n\t\t\t\t\t\timage,\n\t\t\t\t\t\t...additionalUserFields,\n\t\t\t\t\t\temailVerified: false,\n\t\t\t\t\t});\n\t\t\t\t\tif (!createdUser) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {\n\t\t\t\t\tif (isDevelopment()) {\n\t\t\t\t\t\tctx.context.logger.error(\"Failed to create user\", e);\n\t\t\t\t\t}\n\t\t\t\t\tif (isAPIError(e)) {\n\t\t\t\t\t\tthrow e;\n\t\t\t\t\t}\n\t\t\t\t\tctx.context.logger?.error(\"Failed to create user\", e);\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNPROCESSABLE_ENTITY\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (!createdUser) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"UNPROCESSABLE_ENTITY\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\tuserId: createdUser.id,\n\t\t\t\t\tproviderId: \"credential\",\n\t\t\t\t\taccountId: createdUser.id,\n\t\t\t\t\tpassword: hash,\n\t\t\t\t});\n\t\t\t\tconst shouldSendVerificationEmail =\n\t\t\t\t\tctx.context.options.emailVerification?.sendOnSignUp ??\n\t\t\t\t\tctx.context.options.emailAndPassword.requireEmailVerification;\n\t\t\t\tif (shouldSendVerificationEmail) {\n\t\t\t\t\tconst token = await createEmailVerificationToken(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tcreatedUser.email,\n\t\t\t\t\t\tundefined,\n\t\t\t\t\t\tctx.context.options.emailVerification?.expiresIn,\n\t\t\t\t\t);\n\t\t\t\t\tconst callbackURL = body.callbackURL\n\t\t\t\t\t\t? encodeURIComponent(body.callbackURL)\n\t\t\t\t\t\t: encodeURIComponent(\"/\");\n\t\t\t\t\tconst url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${callbackURL}`;\n\n\t\t\t\t\tif (ctx.context.options.emailVerification?.sendVerificationEmail) {\n\t\t\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\t\t\tctx.context.options.emailVerification.sendVerificationEmail(\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\tuser: createdUser,\n\t\t\t\t\t\t\t\t\turl,\n\t\t\t\t\t\t\t\t\ttoken,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t\t),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (shouldSkipAutoSignIn) {\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\ttoken: null,\n\t\t\t\t\t\tuser: parseUserOutput(ctx.context.options, createdUser) as User<\n\t\t\t\t\t\t\tO[\"user\"],\n\t\t\t\t\t\t\tO[\"plugins\"]\n\t\t\t\t\t\t>,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\tcreatedUser.id,\n\t\t\t\t\trememberMe === false,\n\t\t\t\t);\n\t\t\t\tif (!session) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_SESSION,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tawait setSessionCookie(\n\t\t\t\t\tctx,\n\t\t\t\t\t{\n\t\t\t\t\t\tsession,\n\t\t\t\t\t\tuser: createdUser,\n\t\t\t\t\t},\n\t\t\t\t\trememberMe === false,\n\t\t\t\t);\n\t\t\t\treturn ctx.json({\n\t\t\t\t\ttoken: session.token,\n\t\t\t\t\tuser: parseUserOutput(ctx.context.options, createdUser) as User<\n\t\t\t\t\t\tO[\"user\"],\n\t\t\t\t\t\tO[\"plugins\"]\n\t\t\t\t\t>,\n\t\t\t\t});\n\t\t\t});\n\t\t},\n\t);\n"],"mappings":";;;;;;;;;;;;;;AAeA,MAAM,wBAAwB,EAC5B,OAAO;CACP,MAAM,EAAE,QAAQ;CAChB,OAAO,EAAE,OAAO;CAChB,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC5B,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,YAAY,EAAE,SAAS,CAAC,UAAU;CAClC,CAAC,CACD,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC;AAEpC,MAAa,oBACZ,mBACC,kBACA;CACC,QAAQ;CACR,aAAa;CACb,KAAK,CAAC,mBAAmB;CACzB,MAAM;CACN,UAAU;EACT,mBAAmB,CAClB,qCACA,mBACA;EACD,QAAQ;GACP,MAAM,EAAE;GAQR,UAAU,EAAE;GAIZ;EACD,SAAS;GACR,aAAa;GACb,aAAa;GACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,MAAM;MACL,MAAM;MACN,aAAa;MACb;KACD,OAAO;MACN,MAAM;MACN,aAAa;MACb;KACD,UAAU;MACT,MAAM;MACN,aAAa;MACb;KACD,OAAO;MACN,MAAM;MACN,aAAa;MACb;KACD,aAAa;MACZ,MAAM;MACN,aACC;MACD;KACD,YAAY;MACX,MAAM;MACN,aACC;MACD;KACD;IACD,UAAU;KAAC;KAAQ;KAAS;KAAW;IACvC,EACD,EACD,EACD;GACD,WAAW;IACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO;QACN,MAAM;QACN,UAAU;QACV,aAAa;QACb;OACD,MAAM;QACL,MAAM;QACN,YAAY;SACX,IAAI;UACH,MAAM;UACN,aAAa;UACb;SACD,OAAO;UACN,MAAM;UACN,QAAQ;UACR,aAAa;UACb;SACD,MAAM;UACL,MAAM;UACN,aAAa;UACb;SACD,OAAO;UACN,MAAM;UACN,QAAQ;UACR,UAAU;UACV,aAAa;UACb;SACD,eAAe;UACd,MAAM;UACN,aAAa;UACb;SACD,WAAW;UACV,MAAM;UACN,QAAQ;UACR,aAAa;UACb;SACD,WAAW;UACV,MAAM;UACN,QAAQ;UACR,aAAa;UACb;SACD;QACD,UAAU;SACT;SACA;SACA;SACA;SACA;SACA;SACA;QACD;OACD;MACD,UAAU,CAAC,OAAO;MAClB,EACD,EACD;KACD;IACD,OAAO;KACN,aACC;KACD,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;MACD,EACD,EACD;KACD;IACD;GACD;EACD;CACD,EACD,OAAO,QAAQ;AACd,QAAO,mBAAmB,IAAI,QAAQ,SAAS,YAAY;AAC1D,MACC,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,WACvC,IAAI,QAAQ,QAAQ,kBAAkB,cAEtC,OAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;EAEH,MAAM,OAAO,IAAI;EAOjB,MAAM,EACL,MACA,OACA,UACA,OACA,aAAa,cACb,YACA,GAAG,SACA;AAGJ,MAAI,CAFiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAE7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;AAGnE,MAAI,CAAC,YAAY,OAAO,aAAa,SACpC,OAAM,SAAS,KAAK,eAAe,iBAAiB,iBAAiB;EAGtE,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,MAAI,SAAS,SAAS,mBAAmB;AACxC,OAAI,QAAQ,OAAO,MAAM,wBAAwB;AACjD,SAAM,SAAS,KACd,eACA,iBAAiB,mBACjB;;EAGF,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,MAAI,SAAS,SAAS,mBAAmB;AACxC,OAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,SAAM,SAAS,KACd,eACA,iBAAiB,kBACjB;;EAEF,MAAM,uCACL,IAAI,QAAQ,QAAQ,iBAAiB;EACtC,MAAM,uBACL,IAAI,QAAQ,QAAQ,iBAAiB,eAAe,SACpD;EACD,MAAM,uBAAuB,eAC5B,IAAI,QAAQ,SACZ,MACA,SACA;EACD,MAAM,kBAAkB,MAAM,aAAa;EAC3C,MAAM,SACL,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,gBAAgB;AACnE,MAAI,QAAQ,MAAM;AACjB,OAAI,QAAQ,OAAO,KAClB,uCAAuC,QACvC;AACD,OAAI,sCAAsC;;;;;AAKzC,UAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;AACzC,QAAI,IAAI,QAAQ,QAAQ,kBAAkB,qBACzC,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,iBAAiB,qBACpC,EAAE,MAAM,OAAO,MAAM,EACrB,IAAI,QACJ,CACD;IAEF,MAAM,sBAAM,IAAI,MAAM;IACtB,MAAM,cACL,IAAI,QAAQ,WAAW,EAAE,OAAO,QAAQ,CAAC,IAAI,YAAY;IAC1D,MAAM,aAAa;KAClB;KACA,OAAO;KACP,eAAe;KACf,OAAO,SAAS;KAChB,WAAW;KACX,WAAW;KACX;IAED,MAAM,sBACL,IAAI,QAAQ,QAAQ,kBAAkB;IAEvC,IAAI;AACJ,QAAI,qBAAqB;KAExB,MAAM,sBAAsB,OAAO,KAClC,IAAI,QAAQ,QAAQ,MAAM,oBAAoB,EAAE,CAChD;KACD,MAAM,mBAA4C,EAAE;AACpD,UAAK,MAAM,OAAO,oBACjB,KAAI,OAAO,qBACV,kBAAiB,OAAO,qBAAqB;AAG/C,qBAAgB,oBAAoB;MACnC;MACA;MACA,IAAI;MACJ,CAAC;UAEF,iBAAgB;KACf,GAAG;KACH,GAAG;KACH,IAAI;KACJ;AAGF,WAAO,IAAI,KAAK;KACf,OAAO;KACP,MAAM,gBACL,IAAI,QAAQ,SACZ,cACA;KACD,CAAC;;AAEH,SAAM,SAAS,KACd,wBACA,iBAAiB,sCACjB;;;;;;;;;;EAUF,MAAM,OAAO,MAAM,IAAI,QAAQ,SAAS,KAAK,SAAS;EACtD,IAAI;AACJ,MAAI;AACH,iBAAc,MAAM,IAAI,QAAQ,gBAAgB,WAAW;IAC1D,OAAO;IACP;IACA;IACA,GAAG;IACH,eAAe;IACf,CAAC;AACF,OAAI,CAAC,YACJ,OAAM,SAAS,KACd,eACA,iBAAiB,sBACjB;WAEM,GAAG;AACX,OAAI,eAAe,CAClB,KAAI,QAAQ,OAAO,MAAM,yBAAyB,EAAE;AAErD,OAAI,WAAW,EAAE,CAChB,OAAM;AAEP,OAAI,QAAQ,QAAQ,MAAM,yBAAyB,EAAE;AACrD,SAAM,SAAS,KACd,wBACA,iBAAiB,sBACjB;;AAEF,MAAI,CAAC,YACJ,OAAM,SAAS,KACd,wBACA,iBAAiB,sBACjB;AAEF,QAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,QAAQ,YAAY;GACpB,YAAY;GACZ,WAAW,YAAY;GACvB,UAAU;GACV,CAAC;AAIF,MAFC,IAAI,QAAQ,QAAQ,mBAAmB,gBACvC,IAAI,QAAQ,QAAQ,iBAAiB,0BACL;GAChC,MAAM,QAAQ,MAAM,6BACnB,IAAI,QAAQ,QACZ,YAAY,OACZ,QACA,IAAI,QAAQ,QAAQ,mBAAmB,UACvC;GACD,MAAM,cAAc,KAAK,cACtB,mBAAmB,KAAK,YAAY,GACpC,mBAAmB,IAAI;GAC1B,MAAM,MAAM,GAAG,IAAI,QAAQ,QAAQ,sBAAsB,MAAM,eAAe;AAE9E,OAAI,IAAI,QAAQ,QAAQ,mBAAmB,sBAC1C,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,kBAAkB,sBACrC;IACC,MAAM;IACN;IACA;IACA,EACD,IAAI,QACJ,CACD;;AAIH,MAAI,qBACH,QAAO,IAAI,KAAK;GACf,OAAO;GACP,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY;GAIvD,CAAC;EAGH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,YAAY,IACZ,eAAe,MACf;AACD,MAAI,CAAC,QACJ,OAAM,SAAS,KACd,eACA,iBAAiB,yBACjB;AAEF,QAAM,iBACL,KACA;GACC;GACA,MAAM;GACN,EACD,eAAe,MACf;AACD,SAAO,IAAI,KAAK;GACf,OAAO,QAAQ;GACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY;GAIvD,CAAC;GACD;EAEH"}
package/dist/api/routes/update-session.d.mts CHANGED
@@ -1,5 +1,4 @@
1
1
  import { AdditionalSessionFieldsInput } from "../../types/models.mjs";
2
- import "../../types/index.mjs";
3
2
  import { BetterAuthOptions } from "@better-auth/core";
4
3
  import * as better_call0 from "better-call";
5
4
  import * as z from "zod";
package/dist/api/routes/update-user.d.mts CHANGED
@@ -1,5 +1,4 @@
1
1
  import { AdditionalUserFieldsInput } from "../../types/models.mjs";
2
- import "../../types/index.mjs";
3
2
  import { BetterAuthOptions } from "@better-auth/core";
4
3
  import * as better_call0 from "better-call";
5
4
  import * as z from "zod";
package/dist/api/to-auth-endpoints.mjs CHANGED
@@ -3,6 +3,7 @@ import { hasRequestState, runWithEndpointContext, runWithRequestState } from "@b
3
3
  import { shouldPublishLog } from "@better-auth/core/env";
4
4
  import { APIError } from "@better-auth/core/error";
5
5
  import { createDefu } from "defu";
6
+ import { ATTR_CONTEXT, ATTR_HOOK_TYPE, ATTR_HTTP_ROUTE, ATTR_OPERATION_ID, withSpan } from "@better-auth/core/instrumentation";
6
7
  import { kAPIErrorHeaderSymbol, toResponse } from "better-call";
7
8
 
8
9
  //#region src/api/to-auth-endpoints.ts
@@ -13,12 +14,22 @@ const defuReplaceArrays = createDefu((obj, key, value) => {
13
14
  }
14
15
  });
15
16
  const hooksSourceWeakMap = /* @__PURE__ */ new WeakMap();
17
+ function getOperationId(endpoint, key) {
18
+ if (!endpoint?.options) return key;
19
+ const opts = endpoint.options;
20
+ return opts.operationId ?? opts.metadata?.openapi?.operationId ?? key;
21
+ }
16
22
  function toAuthEndpoints(endpoints, ctx) {
17
23
  const api = {};
18
24
  for (const [key, endpoint] of Object.entries(endpoints)) {
19
25
  api[key] = async (context) => {
26
+ const operationId = getOperationId(endpoint, key);
27
+ const endpointMethod = endpoint?.options?.method;
28
+ const defaultMethod = Array.isArray(endpointMethod) ? endpointMethod[0] : endpointMethod;
20
29
  const run = async () => {
21
30
  const authContext = await ctx;
31
+ const methodName = context?.method ?? context?.request?.method ?? defaultMethod ?? "?";
32
+ const pathName = context?.path ?? endpoint.path ?? "/:virtual";
22
33
  let internalContext = {
23
34
  ...context,
24
35
  context: {
@@ -30,9 +41,12 @@ function toAuthEndpoints(endpoints, ctx) {
30
41
  path: endpoint.path,
31
42
  headers: context?.headers ? new Headers(context?.headers) : void 0
32
43
  };
33
- return runWithEndpointContext(internalContext, async () => {
44
+ return withSpan(`${methodName} ${pathName}`, {
45
+ [ATTR_HTTP_ROUTE]: pathName,
46
+ [ATTR_OPERATION_ID]: operationId
47
+ }, async () => runWithEndpointContext(internalContext, async () => {
34
48
  const { beforeHooks, afterHooks } = getHooks(authContext);
35
- const before = await runBeforeHooks(internalContext, beforeHooks);
49
+ const before = await runBeforeHooks(internalContext, beforeHooks, endpoint, operationId);
36
50
  /**
37
51
  * If `before.context` is returned, it should
38
52
  * get merged with the original context
@@ -55,7 +69,10 @@ function toAuthEndpoints(endpoints, ctx) {
55
69
  internalContext.asResponse = false;
56
70
  internalContext.returnHeaders = true;
57
71
  internalContext.returnStatus = true;
58
- const result = await runWithEndpointContext(internalContext, () => endpoint(internalContext)).catch((e) => {
72
+ const result = await runWithEndpointContext(internalContext, () => withSpan(`handler ${pathName}`, {
73
+ [ATTR_HTTP_ROUTE]: pathName,
74
+ [ATTR_OPERATION_ID]: operationId
75
+ }, () => endpoint(internalContext))).catch((e) => {
59
76
  if (isAPIError(e))
60
77
  /**
61
78
  * API Errors from response are caught
@@ -71,7 +88,7 @@ function toAuthEndpoints(endpoints, ctx) {
71
88
  if (result && result instanceof Response) return result;
72
89
  internalContext.context.returned = result.response;
73
90
  internalContext.context.responseHeaders = result.headers;
74
- const after = await runAfterHooks(internalContext, afterHooks);
91
+ const after = await runAfterHooks(internalContext, afterHooks, endpoint, operationId);
75
92
  if (after.response) result.response = after.response;
76
93
  if (isAPIError(result.response) && shouldPublishLog(authContext.logger.level, "debug")) result.response.stack = result.response.errorStack;
77
94
  if (isAPIError(result.response) && !context?.asResponse) throw result.response;
@@ -89,7 +106,7 @@ function toAuthEndpoints(endpoints, ctx) {
89
106
  response: result.response,
90
107
  status: result.status
91
108
  } : result.response;
92
- });
109
+ }));
93
110
  };
94
111
  if (await hasRequestState()) return run();
95
112
  else return runWithRequestState(/* @__PURE__ */ new WeakMap(), run);
@@ -99,7 +116,7 @@ function toAuthEndpoints(endpoints, ctx) {
99
116
  }
100
117
  return api;
101
118
  }
102
- async function runBeforeHooks(context, hooks) {
119
+ async function runBeforeHooks(context, hooks, endpoint, operationId) {
103
120
  let modifiedContext = {};
104
121
  for (const hook of hooks) {
105
122
  let matched = false;
@@ -111,10 +128,17 @@ async function runBeforeHooks(context, hooks) {
111
128
  throw new APIError("INTERNAL_SERVER_ERROR", { message: `An error occurred during hook matcher execution. Check the logs for more details.` });
112
129
  }
113
130
  if (matched) {
114
- const result = await hook.handler({
131
+ const hookSource = hooksSourceWeakMap.get(hook.handler) ?? "unknown";
132
+ const path = context.path ?? endpoint?.path ?? "/:virtual";
133
+ const result = await withSpan(`hook before ${path} ${hookSource}`, {
134
+ [ATTR_HOOK_TYPE]: "before",
135
+ [ATTR_HTTP_ROUTE]: path,
136
+ [ATTR_CONTEXT]: hookSource,
137
+ [ATTR_OPERATION_ID]: operationId
138
+ }, () => hook.handler({
115
139
  ...context,
116
140
  returnHeaders: false
117
- }).catch((e) => {
141
+ })).catch((e) => {
118
142
  if (isAPIError(e) && shouldPublishLog(context.context.logger.level, "debug")) e.stack = e.errorStack;
119
143
  throw e;
120
144
  });
@@ -134,9 +158,16 @@ async function runBeforeHooks(context, hooks) {
134
158
  }
135
159
  return { context: modifiedContext };
136
160
  }
137
- async function runAfterHooks(context, hooks) {
161
+ async function runAfterHooks(context, hooks, endpoint, operationId) {
138
162
  for (const hook of hooks) if (hook.matcher(context)) {
139
- const result = await hook.handler(context).catch((e) => {
163
+ const hookSource = hooksSourceWeakMap.get(hook.handler) ?? "unknown";
164
+ const path = context.path ?? endpoint?.path ?? "/:virtual";
165
+ const result = await withSpan(`hook after ${path} ${hookSource}`, {
166
+ [ATTR_HOOK_TYPE]: "after",
167
+ [ATTR_HTTP_ROUTE]: path,
168
+ [ATTR_CONTEXT]: hookSource,
169
+ [ATTR_OPERATION_ID]: operationId
170
+ }, () => hook.handler(context)).catch((e) => {
140
171
  if (isAPIError(e)) {
141
172
  const headers = e[kAPIErrorHeaderSymbol];
142
173
  if (shouldPublishLog(context.context.logger.level, "debug")) e.stack = e.errorStack;
@@ -179,8 +210,14 @@ function getHooks(authContext) {
179
210
  handler: afterHookHandler
180
211
  });
181
212
  }
182
- const pluginBeforeHooks = plugins.filter((plugin) => plugin.hooks?.before).map((plugin) => plugin.hooks?.before).flat();
183
- const pluginAfterHooks = plugins.filter((plugin) => plugin.hooks?.after).map((plugin) => plugin.hooks?.after).flat();
213
+ const pluginBeforeHooks = plugins.flatMap((plugin) => (plugin.hooks?.before ?? []).map((h) => {
214
+ hooksSourceWeakMap.set(h.handler, `plugin:${plugin.id}`);
215
+ return h;
216
+ }));
217
+ const pluginAfterHooks = plugins.flatMap((plugin) => (plugin.hooks?.after ?? []).map((h) => {
218
+ hooksSourceWeakMap.set(h.handler, `plugin:${plugin.id}`);
219
+ return h;
220
+ }));
184
221
  /**
185
222
  * Add plugin added hooks at last
186
223
  */