better-auth 1.6.9 → 1.6.11

package/dist/plugins/siwe/index.mjs

@@ -9,195 +9,209 @@ import { schema } from "./schema.mjs";
 import { createAuthEndpoint } from "@better-auth/core/api";
 import * as z from "zod";
 //#region src/plugins/siwe/index.ts
+const walletAddressInputSchema = z.string().regex(/^0[xX][a-fA-F0-9]{40}$/i).length(42);
 const getSiweNonceBodySchema = z.object({
-	walletAddress: z.string().regex(/^0[xX][a-fA-F0-9]{40}$/i).length(42),
+	walletAddress: walletAddressInputSchema.optional(),
+	address: walletAddressInputSchema.optional(),
 	chainId: z.number().int().positive().optional().default(1)
+}).refine((body) => body.walletAddress || body.address, {
+	message: "walletAddress or address is required",
+	path: ["walletAddress"]
 });
-const siwe = (options) => ({
-	id: "siwe",
-	version: PACKAGE_VERSION,
-	schema: mergeSchema(schema, options?.schema),
-	endpoints: {
-		getSiweNonce: createAuthEndpoint("/siwe/nonce", {
-			method: "POST",
-			body: getSiweNonceBodySchema
-		}, async (ctx) => {
-			const { walletAddress: rawWalletAddress, chainId } = ctx.body;
-			const walletAddress = toChecksumAddress(rawWalletAddress);
-			const nonce = await options.getNonce();
-			await ctx.context.internalAdapter.createVerificationValue({
-				identifier: `siwe:${walletAddress}:${chainId}`,
-				value: nonce,
-				expiresAt: new Date(Date.now() + 900 * 1e3)
-			});
-			return ctx.json({ nonce });
-		}),
-		verifySiweMessage: createAuthEndpoint("/siwe/verify", {
-			method: "POST",
-			body: z.object({
-				message: z.string().min(1),
-				signature: z.string().min(1),
-				walletAddress: z.string().regex(/^0[xX][a-fA-F0-9]{40}$/i).length(42),
-				chainId: z.number().int().positive().optional().default(1),
-				email: z.email().optional()
-			}).refine((data) => options.anonymous !== false || !!data.email, {
-				message: "Email is required when the anonymous plugin option is disabled.",
-				path: ["email"]
-			}),
-			requireRequest: true
-		}, async (ctx) => {
-			const { message, signature, walletAddress: rawWalletAddress, chainId, email } = ctx.body;
-			const walletAddress = toChecksumAddress(rawWalletAddress);
-			const isAnon = options.anonymous ?? true;
-			if (!isAnon && !email) throw APIError.fromStatus("BAD_REQUEST", {
-				message: "Email is required when anonymous is disabled.",
-				status: 400
-			});
-			try {
-				const verification = await ctx.context.internalAdapter.findVerificationValue(`siwe:${walletAddress}:${chainId}`);
-				if (!verification || /* @__PURE__ */ new Date() > verification.expiresAt) throw APIError.fromStatus("UNAUTHORIZED", {
-					message: "Unauthorized: Invalid or expired nonce",
-					status: 401,
-					code: "UNAUTHORIZED_INVALID_OR_EXPIRED_NONCE"
+const siwe = (options) => {
+	const createSiweNonceEndpoint = (path) => createAuthEndpoint(path, {
+		method: "POST",
+		body: getSiweNonceBodySchema
+	}, async (ctx) => {
+		const rawWalletAddress = ctx.body.walletAddress ?? ctx.body.address;
+		if (!rawWalletAddress) throw APIError.fromStatus("BAD_REQUEST", {
+			message: "walletAddress or address is required",
+			status: 400
+		});
+		const { chainId } = ctx.body;
+		const walletAddress = toChecksumAddress(rawWalletAddress);
+		const nonce = await options.getNonce();
+		await ctx.context.internalAdapter.createVerificationValue({
+			identifier: `siwe:${walletAddress}:${chainId}`,
+			value: nonce,
+			expiresAt: new Date(Date.now() + 900 * 1e3)
+		});
+		return ctx.json({ nonce });
+	});
+	return {
+		id: "siwe",
+		version: PACKAGE_VERSION,
+		schema: mergeSchema(schema, options?.schema),
+		endpoints: {
+			getSiweNonce: createSiweNonceEndpoint("/siwe/nonce"),
+			getNonce: createSiweNonceEndpoint("/siwe/get-nonce"),
+			verifySiweMessage: createAuthEndpoint("/siwe/verify", {
+				method: "POST",
+				body: z.object({
+					message: z.string().min(1),
+					signature: z.string().min(1),
+					walletAddress: z.string().regex(/^0[xX][a-fA-F0-9]{40}$/i).length(42),
+					chainId: z.number().int().positive().optional().default(1),
+					email: z.email().optional()
+				}).refine((data) => options.anonymous !== false || !!data.email, {
+					message: "Email is required when the anonymous plugin option is disabled.",
+					path: ["email"]
+				}),
+				requireRequest: true
+			}, async (ctx) => {
+				const { message, signature, walletAddress: rawWalletAddress, chainId, email } = ctx.body;
+				const walletAddress = toChecksumAddress(rawWalletAddress);
+				const isAnon = options.anonymous ?? true;
+				if (!isAnon && !email) throw APIError.fromStatus("BAD_REQUEST", {
+					message: "Email is required when anonymous is disabled.",
+					status: 400
 				});
-				const { value: nonce } = verification;
-				if (!await options.verifyMessage({
-					message,
-					signature,
-					address: walletAddress,
-					chainId,
-					cacao: {
-						h: { t: "caip122" },
-						p: {
-							domain: options.domain,
-							aud: options.domain,
-							nonce,
-							iss: options.domain,
-							version: "1"
-						},
-						s: {
-							t: "eip191",
-							s: signature
+				try {
+					const verification = await ctx.context.internalAdapter.findVerificationValue(`siwe:${walletAddress}:${chainId}`);
+					if (!verification || /* @__PURE__ */ new Date() > verification.expiresAt) throw APIError.fromStatus("UNAUTHORIZED", {
+						message: "Unauthorized: Invalid or expired nonce",
+						status: 401,
+						code: "UNAUTHORIZED_INVALID_OR_EXPIRED_NONCE"
+					});
+					const { value: nonce } = verification;
+					if (!await options.verifyMessage({
+						message,
+						signature,
+						address: walletAddress,
+						chainId,
+						cacao: {
+							h: { t: "caip122" },
+							p: {
+								domain: options.domain,
+								aud: options.domain,
+								nonce,
+								iss: options.domain,
+								version: "1"
+							},
+							s: {
+								t: "eip191",
+								s: signature
+							}
 						}
-					}
-				})) throw APIError.fromStatus("UNAUTHORIZED", {
-					message: "Unauthorized: Invalid SIWE signature",
-					status: 401
-				});
-				await ctx.context.internalAdapter.deleteVerificationByIdentifier(`siwe:${walletAddress}:${chainId}`);
-				let user = null;
-				const existingWalletAddress = await ctx.context.adapter.findOne({
-					model: "walletAddress",
-					where: [{
-						field: "address",
-						operator: "eq",
-						value: walletAddress
-					}, {
-						field: "chainId",
-						operator: "eq",
-						value: chainId
-					}]
-				});
-				if (existingWalletAddress) user = await ctx.context.adapter.findOne({
-					model: "user",
-					where: [{
-						field: "id",
-						operator: "eq",
-						value: existingWalletAddress.userId
-					}]
-				});
-				else {
-					const anyWalletAddress = await ctx.context.adapter.findOne({
+					})) throw APIError.fromStatus("UNAUTHORIZED", {
+						message: "Unauthorized: Invalid SIWE signature",
+						status: 401
+					});
+					await ctx.context.internalAdapter.deleteVerificationByIdentifier(`siwe:${walletAddress}:${chainId}`);
+					let user = null;
+					const existingWalletAddress = await ctx.context.adapter.findOne({
 						model: "walletAddress",
 						where: [{
 							field: "address",
 							operator: "eq",
 							value: walletAddress
+						}, {
+							field: "chainId",
+							operator: "eq",
+							value: chainId
 						}]
 					});
-					if (anyWalletAddress) user = await ctx.context.adapter.findOne({
+					if (existingWalletAddress) user = await ctx.context.adapter.findOne({
 						model: "user",
 						where: [{
 							field: "id",
 							operator: "eq",
-							value: anyWalletAddress.userId
+							value: existingWalletAddress.userId
 						}]
 					});
-				}
-				if (!user) {
-					const domain = options.emailDomainName ?? getOrigin(ctx.context.baseURL);
-					const userEmail = !isAnon && email ? email : `${walletAddress}@${domain}`;
-					const { name, avatar } = await options.ensLookup?.({ walletAddress }) ?? {};
-					user = await ctx.context.internalAdapter.createUser({
-						name: name ?? walletAddress,
-						email: userEmail,
-						image: avatar ?? ""
-					});
-					await ctx.context.adapter.create({
-						model: "walletAddress",
-						data: {
+					else {
+						const anyWalletAddress = await ctx.context.adapter.findOne({
+							model: "walletAddress",
+							where: [{
+								field: "address",
+								operator: "eq",
+								value: walletAddress
+							}]
+						});
+						if (anyWalletAddress) user = await ctx.context.adapter.findOne({
+							model: "user",
+							where: [{
+								field: "id",
+								operator: "eq",
+								value: anyWalletAddress.userId
+							}]
+						});
+					}
+					if (!user) {
+						const domain = options.emailDomainName ?? getOrigin(ctx.context.baseURL);
+						const userEmail = !isAnon && email ? email : `${walletAddress}@${domain}`;
+						const { name, avatar } = await options.ensLookup?.({ walletAddress }) ?? {};
+						user = await ctx.context.internalAdapter.createUser({
+							name: name ?? walletAddress,
+							email: userEmail,
+							image: avatar ?? ""
+						});
+						await ctx.context.adapter.create({
+							model: "walletAddress",
+							data: {
+								userId: user.id,
+								address: walletAddress,
+								chainId,
+								isPrimary: true,
+								createdAt: /* @__PURE__ */ new Date()
+							}
+						});
+						await ctx.context.internalAdapter.createAccount({
 							userId: user.id,
-							address: walletAddress,
-							chainId,
-							isPrimary: true,
-							createdAt: /* @__PURE__ */ new Date()
-						}
+							providerId: "siwe",
+							accountId: `${walletAddress}:${chainId}`,
+							createdAt: /* @__PURE__ */ new Date(),
+							updatedAt: /* @__PURE__ */ new Date()
+						});
+					} else if (!existingWalletAddress) {
+						await ctx.context.adapter.create({
+							model: "walletAddress",
+							data: {
+								userId: user.id,
+								address: walletAddress,
+								chainId,
+								isPrimary: false,
+								createdAt: /* @__PURE__ */ new Date()
+							}
+						});
+						await ctx.context.internalAdapter.createAccount({
+							userId: user.id,
+							providerId: "siwe",
+							accountId: `${walletAddress}:${chainId}`,
+							createdAt: /* @__PURE__ */ new Date(),
+							updatedAt: /* @__PURE__ */ new Date()
+						});
+					}
+					const session = await ctx.context.internalAdapter.createSession(user.id);
+					if (!session) throw APIError.fromStatus("INTERNAL_SERVER_ERROR", {
+						message: "Internal Server Error",
+						status: 500
 					});
-					await ctx.context.internalAdapter.createAccount({
-						userId: user.id,
-						providerId: "siwe",
-						accountId: `${walletAddress}:${chainId}`,
-						createdAt: /* @__PURE__ */ new Date(),
-						updatedAt: /* @__PURE__ */ new Date()
+					await setSessionCookie(ctx, {
+						session,
+						user
 					});
-				} else if (!existingWalletAddress) {
-					await ctx.context.adapter.create({
-						model: "walletAddress",
-						data: {
-							userId: user.id,
-							address: walletAddress,
-							chainId,
-							isPrimary: false,
-							createdAt: /* @__PURE__ */ new Date()
+					return ctx.json({
+						token: session.token,
+						success: true,
+						user: {
+							id: user.id,
+							walletAddress,
+							chainId
 						}
 					});
-					await ctx.context.internalAdapter.createAccount({
-						userId: user.id,
-						providerId: "siwe",
-						accountId: `${walletAddress}:${chainId}`,
-						createdAt: /* @__PURE__ */ new Date(),
-						updatedAt: /* @__PURE__ */ new Date()
+				} catch (error) {
+					if (isAPIError(error)) throw error;
+					throw APIError.fromStatus("UNAUTHORIZED", {
+						message: "Something went wrong. Please try again later.",
+						error: error instanceof Error ? error.message : "Unknown error",
+						status: 401
 					});
 				}
-				const session = await ctx.context.internalAdapter.createSession(user.id);
-				if (!session) throw APIError.fromStatus("INTERNAL_SERVER_ERROR", {
-					message: "Internal Server Error",
-					status: 500
-				});
-				await setSessionCookie(ctx, {
-					session,
-					user
-				});
-				return ctx.json({
-					token: session.token,
-					success: true,
-					user: {
-						id: user.id,
-						walletAddress,
-						chainId
-					}
-				});
-			} catch (error) {
-				if (isAPIError(error)) throw error;
-				throw APIError.fromStatus("UNAUTHORIZED", {
-					message: "Something went wrong. Please try again later.",
-					error: error instanceof Error ? error.message : "Unknown error",
-					status: 401
-				});
-			}
-		})
-	},
-	options
-});
+			})
+		},
+		options
+	};
+};
 //#endregion
 export { siwe };

package/dist/plugins/username/index.d.mts

@@ -151,10 +151,19 @@ declare const username: (options?: UsernameOptions | undefined) => {
                   schema: {
                     type: "object";
                     properties: {
+                      redirect: {
+                        type: string;
+                        description: string;
+                      };
                       token: {
                         type: string;
                         description: string;
                       };
+                      url: {
+                        type: string;
+                        nullable: boolean;
+                        description: string;
+                      };
                       user: {
                         $ref: string;
                       };
@@ -183,7 +192,9 @@ declare const username: (options?: UsernameOptions | undefined) => {
         };
       };
     }, {
+      redirect: boolean;
       token: string;
+      url: string | undefined;
       user: {
         id: string;
         createdAt: Date;

package/dist/plugins/username/index.mjs

@@ -16,7 +16,7 @@ const signInUsernameBodySchema = z.object({
 	username: z.string().meta({ description: "The username of the user" }),
 	password: z.string().meta({ description: "The password of the user" }),
 	rememberMe: z.boolean().meta({ description: "Remember the user session" }).optional(),
-	callbackURL: z.string().meta({ description: "The URL to redirect to after email verification" }).optional()
+	callbackURL: z.string().meta({ description: "URL to redirect to after sign in (also used as the redirect target for email verification when required)" }).optional()
 });
 const isUsernameAvailableBodySchema = z.object({ username: z.string().meta({ description: "The username to check" }) });
 const username = (options) => {
@@ -66,13 +66,26 @@ const username = (options) => {
 							content: { "application/json": { schema: {
 								type: "object",
 								properties: {
+									redirect: {
+										type: "boolean",
+										description: "Whether the client should follow the Location header. True when callbackURL was provided."
+									},
 									token: {
 										type: "string",
 										description: "Session token for the authenticated session"
 									},
+									url: {
+										type: "string",
+										nullable: true,
+										description: "The callbackURL echoed back so the client can redirect."
+									},
 									user: { $ref: "#/components/schemas/User" }
 								},
-								required: ["token", "user"]
+								required: [
+									"redirect",
+									"token",
+									"user"
+								]
 							} } }
 						},
 						422: {
@@ -155,8 +168,11 @@ const username = (options) => {
 					session,
 					user
 				}, ctx.body.rememberMe === false);
+				if (ctx.body.callbackURL) ctx.setHeader("Location", ctx.body.callbackURL);
 				return ctx.json({
+					redirect: !!ctx.body.callbackURL,
 					token: session.token,
+					url: ctx.body.callbackURL,
 					user: parseUserOutput(ctx.context.options, user)
 				});
 			}),

package/dist/test-utils/test-instance.d.mts

@@ -190,7 +190,6 @@ declare function getTestInstance<O extends Partial<BetterAuthOptions>, C extends
                       };
                       redirect: {
                         type: string;
-                        enum: boolean[];
                       };
                     };
                     required: string[];
@@ -2193,7 +2192,6 @@ declare function getTestInstance<O extends Partial<BetterAuthOptions>, C extends
                       };
                       redirect: {
                         type: string;
-                        enum: boolean[];
                       };
                     };
                     required: string[];
@@ -4199,7 +4197,6 @@ declare function getTestInstance<O extends Partial<BetterAuthOptions>, C extends
                           };
                           redirect: {
                             type: string;
-                            enum: boolean[];
                           };
                         };
                         required: string[];
@@ -6202,7 +6199,6 @@ declare function getTestInstance<O extends Partial<BetterAuthOptions>, C extends
                           };
                           redirect: {
                             type: string;
-                            enum: boolean[];
                           };
                         };
                         required: string[];
@@ -8279,7 +8275,6 @@ declare function getTestInstance<O extends Partial<BetterAuthOptions>, C extends
                           };
                           redirect: {
                             type: string;
-                            enum: boolean[];
                           };
                         };
                         required: string[];
@@ -10282,7 +10277,6 @@ declare function getTestInstance<O extends Partial<BetterAuthOptions>, C extends
                           };
                           redirect: {
                             type: string;
-                            enum: boolean[];
                           };
                         };
                         required: string[];
@@ -12157,6 +12151,7 @@ declare function getTestInstance<O extends Partial<BetterAuthOptions>, C extends
       USER_ALREADY_EXISTS: _better_auth_core_utils_error_codes0.RawError<"USER_ALREADY_EXISTS">;
       USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: _better_auth_core_utils_error_codes0.RawError<"USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL">;
       EMAIL_CAN_NOT_BE_UPDATED: _better_auth_core_utils_error_codes0.RawError<"EMAIL_CAN_NOT_BE_UPDATED">;
+      CHANGE_EMAIL_DISABLED: _better_auth_core_utils_error_codes0.RawError<"CHANGE_EMAIL_DISABLED">;
       CREDENTIAL_ACCOUNT_NOT_FOUND: _better_auth_core_utils_error_codes0.RawError<"CREDENTIAL_ACCOUNT_NOT_FOUND">;
       ACCOUNT_NOT_FOUND: _better_auth_core_utils_error_codes0.RawError<"ACCOUNT_NOT_FOUND">;
       SESSION_EXPIRED: _better_auth_core_utils_error_codes0.RawError<"SESSION_EXPIRED">;

package/dist/test-utils/test-instance.mjs

@@ -7,6 +7,7 @@ import { createAuthClient } from "../client/vanilla.mjs";
 import { bearer } from "../plugins/bearer/index.mjs";
 import { sql } from "kysely";
 import { AsyncLocalStorage } from "node:async_hooks";
+import { randomUUID } from "node:crypto";
 import { afterAll } from "vitest";
 //#region src/test-utils/test-instance.ts
 const cleanupSet = /* @__PURE__ */ new Set();
@@ -19,10 +20,17 @@ afterAll(async () => {
 });
 async function getTestInstance(options, config) {
 	const testWith = config?.testWith || "sqlite";
+	const postgresSchema = testWith === "postgres" ? `ba_test_${randomUUID().replaceAll("-", "_")}` : void 0;
+	const quotePostgresIdentifier = (identifier) => `"${identifier.replaceAll("\"", "\"\"")}"`;
 	async function getPostgres() {
 		const { Kysely, PostgresDialect } = await import("kysely");
 		const { Pool } = await import("pg");
-		return new Kysely({ dialect: new PostgresDialect({ pool: new Pool({ connectionString: "postgres://user:password@localhost:5432/better_auth" }) }) });
+		const pool = new Pool({
+			connectionString: "postgres://user:password@localhost:5432/better_auth",
+			options: postgresSchema ? `-c search_path=${postgresSchema},public` : void 0
+		});
+		if (postgresSchema) await pool.query(`CREATE SCHEMA IF NOT EXISTS ${quotePostgresIdentifier(postgresSchema)}`);
+		return new Kysely({ dialect: new PostgresDialect({ pool }) });
 	}
 	async function getSqlite() {
 		const { DatabaseSync } = await import("node:sqlite");
@@ -103,7 +111,8 @@ async function getTestInstance(options, config) {
 		}
 		if (testWith === "postgres") {
 			const postgres = await getPostgres();
-			await sql`DROP SCHEMA public CASCADE; CREATE SCHEMA public;`.execute(postgres);
+			if (postgresSchema) await sql.raw(`DROP SCHEMA IF EXISTS ${quotePostgresIdentifier(postgresSchema)} CASCADE`).execute(postgres);
+			else await sql`DROP SCHEMA public CASCADE; CREATE SCHEMA public;`.execute(postgres);
 			await postgres.destroy();
 			return;
 		}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-auth",
-  "version": "1.6.9",
+  "version": "1.6.11",
   "description": "The most comprehensive authentication framework for TypeScript.",
   "type": "module",
   "license": "MIT",
@@ -486,16 +486,16 @@
     "better-call": "1.3.5",
     "defu": "^6.1.4",
     "jose": "^6.1.3",
-    "kysely": "^0.28.14",
+    "kysely": "^0.28.17",
     "nanostores": "^1.1.1",
     "zod": "^4.3.6",
-    "@better-auth/core": "1.6.9",
-    "@better-auth/drizzle-adapter": "1.6.9",
-    "@better-auth/kysely-adapter": "1.6.9",
-    "@better-auth/memory-adapter": "1.6.9",
-    "@better-auth/mongo-adapter": "1.6.9",
-    "@better-auth/prisma-adapter": "1.6.9",
-    "@better-auth/telemetry": "1.6.9"
+    "@better-auth/core": "1.6.11",
+    "@better-auth/drizzle-adapter": "1.6.11",
+    "@better-auth/kysely-adapter": "1.6.11",
+    "@better-auth/memory-adapter": "1.6.11",
+    "@better-auth/mongo-adapter": "1.6.11",
+    "@better-auth/prisma-adapter": "1.6.11",
+    "@better-auth/telemetry": "1.6.11"
   },
   "devDependencies": {
     "@lynx-js/react": "^0.116.3",
@@ -520,7 +520,7 @@
     "tsdown": "0.21.1",
     "type-fest": "^5.4.4",
     "typescript": "^5.9.3",
-    "vitest": "^4.0.18",
+    "vitest": "^4.1.5",
     "vue": "^3.5.29"
   },
   "peerDependencies": {