better-near-auth 0.2.4 → 0.3.0

package/README.md

@@ -13,7 +13,7 @@
 
 </div>
 
-This [Better Auth](https://better-auth.com) plugin enables secure authentication via NEAR wallets and keypairs by following the [NEP-413 standard](https://github.com/near/NEPs/blob/master/neps/nep-0413.md). It leverages [near-sign-verify](https://github.com/elliotBraem/near-sign-verify) and [fastintear](https://github.com/elliotBraem/fastintear) to provide a complete drop-in solution with session management, secure defaults, and automatic profile integration.
+This [Better Auth](https://better-auth.com) plugin enables secure authentication via NEAR wallets and keypairs by following the [NEP-413 standard](https://github.com/near/NEPs/blob/master/neps/nep-0413.md). It leverages [near-sign-verify](https://github.com/elliotBraem/near-sign-verify), [near-kit](https://kit.near.tools/), and [Hot Connect](https://github.com/azbang/hot-connector) to provide a complete drop-in solution with session management, secure defaults, and automatic profile integration.
 
 ## Installation
 
@@ -112,7 +112,7 @@ export function LoginButton() {
   const [isConnectingWallet, setIsConnectingWallet] = useState(false);
   const [isSigningIn, setIsSigningIn] = useState(false);
   
-  // Get account ID from embedded fastintear client
+  // Get account ID from near-kit client
   const accountId = authClient.near.getAccountId();
 
   if (session) {
@@ -277,7 +277,7 @@ The client plugin provides the following actions:
 - `nonce(params)` - Request a nonce from the server
 - `verify(params)` - Verify an auth token with the server
 - `getProfile(accountId?)` - Get user profile from NEAR Social
-- `getNearClient()` - Get the embedded fastintear client
+- `getNearClient()` - Get the near-kit client instance
 - `getAccountId()` - Get the currently connected account ID
 - `disconnect()` - Disconnect wallet and clear cached data
 
@@ -427,7 +427,7 @@ export const authClient = createAuthClient({
 
 1. **"Wallet not connected"**
    - You must call `requestSignIn.near()` before `signIn.near()`
-   - Check that the embedded fastintear client is properly initialized
+   - Check that the near-kit client is properly initialized
 
 2. **"No valid nonce found"**
    - Ensure `requestSignIn.near()` completed successfully before calling `signIn.near()`
@@ -452,5 +452,6 @@ export const authClient = createAuthClient({
 * [NEAR Protocol](https://near.org)
 * [NEP-413 Specification](https://github.com/near/NEPs/blob/master/neps/nep-0413.md)
 * [near-sign-verify](https://github.com/elliotBraem/near-sign-verify)
-* [fastintear](https://github.com/elliotBraem/fastintear)
+* [near-kit](https://kit.near.tools/)
+* [Hot Connect](https://github.com/azbang/hot-connector)
 * [Example Implementation](https://better-near-auth.near.page)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-near-auth",
-  "version": "0.2.4",
+  "version": "0.3.0",
   "description": "Sign in with NEAR (SIWN) plugin for Better Auth",
   "main": "src/index.ts",
   "module": "src/index.ts",
@@ -47,15 +47,16 @@
     "typescript": "^5.7.0"
   },
   "dependencies": {
-    "fastintear": "^0.3.8",
+    "@hot-labs/near-connect": "^latest",
     "nanostores": "^1.0.1",
+    "near-kit": "^latest",
     "near-sign-verify": "^0.4.5",
     "zod": "^4.1.12"
   },
   "devDependencies": {
     "@types/bun": "latest",
     "@types/node": "^24.9.2",
-    "better-auth": "^1.3.34",
+    "better-auth": "^1.4.4",
     "typescript": "^5.9.3",
     "vitest": "^3.2.4"
   },

package/src/client.ts

@@ -1,10 +1,12 @@
+import { NearConnector } from "@hot-labs/near-connect";
+import type { Account, NearWalletBase } from "@hot-labs/near-connect/build/types/wallet";
 import type { BetterAuthClientPlugin, BetterFetch, BetterFetchOption, BetterFetchResponse } from "better-auth/client";
-import { createNearClient } from "fastintear";
-import { base64ToBytes } from "fastintear/utils";
 import { atom } from "nanostores";
-import { parseAuthToken, sign } from "near-sign-verify";
+import { Near, fromHotConnect } from "near-kit";
+import { sign } from "near-sign-verify";
 import type { siwn } from ".";
 import { type AccountId, type NonceRequestT, type NonceResponseT, type ProfileResponseT, type VerifyRequestT, type VerifyResponseT } from "./types";
+import { base64ToBytes } from "./utils";
 
 export interface AuthCallbacks {
 	onSuccess?: () => void;
@@ -30,7 +32,7 @@ export interface SIWNClientActions {
 		nonce: (params: NonceRequestT) => Promise<BetterFetchResponse<NonceResponseT>>;
 		verify: (params: VerifyRequestT) => Promise<BetterFetchResponse<VerifyResponseT>>;
 		getProfile: (accountId?: AccountId) => Promise<BetterFetchResponse<ProfileResponseT>>;
-		getNearClient: () => ReturnType<typeof createNearClient>;
+		getNearClient: () => Near;
 		getAccountId: () => string | null;
 		getState: () => { accountId: string | null; publicKey: string | null; networkId: string } | null;
 		disconnect: () => Promise<void>;
@@ -56,10 +58,24 @@ export interface SIWNClientPlugin extends BetterAuthClientPlugin {
 	getActions: ($fetch: BetterFetch) => SIWNClientActions;
 }
 
+
 export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 	const cachedNonce = atom<CachedNonceData | null>(null);
 	const nearState = atom<{ accountId: string | null; publicKey: string | null; networkId: string } | null>(null);
 
+	// Initialize Hot Connect connector
+	const network = config.networkId || "mainnet";
+	const connector = new NearConnector({ network });
+
+	// Public Near instance for read-only access
+	const publicNear = new Near({ network });
+
+	// Near instance will be created after wallet connection
+	let nearInstance: Near | null = null;
+	let connectionPromise: Promise<void> | null = null;
+	let connectionResolve: (() => void) | null = null;
+	let connectionReject: ((error: Error) => void) | null = null;
+
 	const clearNonce = () => {
 		cachedNonce.set(null);
 	};
@@ -71,6 +87,66 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 		return (now - nonceData.timestamp) < fiveMinutes;
 	};
 
+	const handleAccountConnection = async (accounts: Account[]) => {
+		try {
+			const accountId = accounts?.[0]?.accountId;
+			if (!accountId) return;
+
+			// Create Near instance with Hot Connect wallet adapter
+			nearInstance = new Near({
+				network,
+				wallet: fromHotConnect(connector),
+			});
+
+			// Update state with account info
+			nearState.set({
+				accountId,
+				publicKey: accounts?.[0]?.publicKey || null,
+				networkId: network
+			});
+
+			// Resolve connection promise if it exists
+			if (connectionResolve) {
+				connectionResolve();
+				connectionResolve = null;
+				connectionReject = null;
+			}
+		} catch (error) {
+			const err = error instanceof Error ? error : new Error(String(error));
+			if (connectionReject) {
+				connectionReject(err);
+				connectionResolve = null;
+				connectionReject = null;
+			}
+		}
+	};
+
+	// Check for existing connection immediately
+	connector.getConnectedWallet().then((result: {
+		wallet: NearWalletBase;
+		accounts: Account[];
+	}) => {
+		if (result && result.accounts && result.accounts.length > 0) {
+			handleAccountConnection(result.accounts);
+		}
+	}).catch(() => {
+		// Ignore errors on initial check
+	});
+
+	// Set up event listeners for Hot Connect
+	// Per documentation: connector.on("wallet:signIn", async (t) => { const address = t.accounts[0].accountId; })
+	connector.on("wallet:signIn", async (data) => {
+		if (data?.accounts) {
+			await handleAccountConnection(data.accounts);
+		}
+	});
+
+	connector.on("wallet:signOut", () => {
+		nearInstance = null;
+		nearState.set(null);
+		clearNonce();
+	});
+
 	return {
 		id: "siwn",
 		$InferServerPlugin: {} as ReturnType<typeof siwn>,
@@ -81,25 +157,6 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 		}),
 
 		getActions: ($fetch): SIWNClientActions => {
-			const nearClient = createNearClient({
-				networkId: config.networkId || "mainnet",
-				callbacks: {
-					onConnect: (accountData) => {
-						// Update nearState atom when wallet connects
-						nearState.set({
-							accountId: accountData.accountId,
-							publicKey: accountData.publicKey,
-							networkId: config.networkId || "mainnet"
-						});
-					},
-					onDisconnect: () => {
-						// Clear nearState atom when wallet disconnects
-						nearState.set(null);
-						clearNonce();
-					}
-				}
-			});
-
 			return {
 				near: {
 					nonce: async (params: NonceRequestT, fetchOptions?: BetterFetchOption): Promise<BetterFetchResponse<NonceResponseT>> => {
@@ -123,11 +180,19 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 							...fetchOptions
 						});
 					},
-					getNearClient: () => nearClient,
-					getAccountId: () => nearClient.accountId(),
+					getNearClient: () => {
+						return nearInstance || publicNear;
+					},
+					getAccountId: () => {
+						const state = nearState.get();
+						return state?.accountId || null;
+					},
 					getState: () => nearState.get(),
 					disconnect: async () => {
-						await nearClient.signOut();
+						if (connector) {
+							await connector.disconnect();
+						}
+						nearInstance = null;
 						clearNonce();
 						nearState.set(null);
 					},
@@ -138,13 +203,14 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 						try {
 							const { recipient } = params;
 
-							if (!nearClient) {
+							if (!nearInstance) {
 								const error = new Error("NEAR client not available") as Error & { code?: string };
 								error.code = "SIGNER_NOT_AVAILABLE";
 								throw error;
 							}
 
-							const accountId = nearClient.accountId();
+							const state = nearState.get();
+							const accountId = state?.accountId;
 							if (!accountId) {
 								const error = new Error("Wallet not connected. Please connect your wallet first.") as Error & { code?: string };
 								error.code = "WALLET_NOT_CONNECTED";
@@ -152,11 +218,10 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 							}
 
 							// Get nonce first
-							const state = nearState.get();
 							const nonceRequest: NonceRequestT = {
 								accountId,
-								publicKey: state?.publicKey || "",
-								networkId: (state?.networkId || "mainnet") as "mainnet" | "testnet"
+								publicKey: state.publicKey || "",
+								networkId: (state.networkId || network) as "mainnet" | "testnet"
 							};
 
 							const nonceResponse: BetterFetchResponse<NonceResponseT> = await $fetch("/near/nonce", {
@@ -177,13 +242,28 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 							const message = `Sign in to ${recipient}\n\nAccount ID: ${accountId}\nNonce: ${nonce}`;
 							const nonceBytes = base64ToBytes(nonce);
 
-							// Sign the message
+							// Sign the message using near-sign-verify
 							const authToken = await sign(message, {
-								signer: nearClient,
+								signer: nearInstance,
 								recipient,
 								nonce: nonceBytes,
 							});
 
+							// Update state with publicKey from signed message if not already set
+							if (!state.publicKey) {
+								try {
+									const parsedToken = JSON.parse(authToken);
+									if (parsedToken.publicKey) {
+										nearState.set({
+											...state,
+											publicKey: parsedToken.publicKey,
+										});
+									}
+								} catch (e) {
+									// Ignore
+								}
+							}
+
 							// Link the account (instead of verify)
 							const linkResponse: BetterFetchResponse<any> = await $fetch("/near/link-account", {
 								method: "POST",
@@ -229,60 +309,68 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 						try {
 							const { recipient } = params;
 
-							if (!nearClient) {
-								const error = new Error("NEAR client not available") as Error & { code?: string };
-								error.code = "SIGNER_NOT_AVAILABLE";
-								throw error;
+							clearNonce();
+
+							// Create a promise to wait for wallet connection
+							connectionPromise = new Promise<void>((resolve, reject) => {
+								connectionResolve = resolve;
+								connectionReject = reject;
+							});
+
+							// Trigger Hot Connect modal
+							await connector.connect();
+
+							// Wait for wallet:signIn event
+							await connectionPromise;
+
+							// After connection, get account info and request nonce
+							const state = nearState.get();
+							if (!state || !state.accountId) {
+								throw new Error("Failed to get account information after wallet connection");
 							}
 
-							clearNonce();
+							const { accountId, networkId, publicKey } = state;
 
-							await nearClient.requestSignIn({ contractId: recipient }, {
-								onSuccess: async ({ accountId, publicKey, networkId }: { accountId: string, publicKey: string, networkId: string }) => {
-									try {
-										const nonceRequest: NonceRequestT = {
-											accountId,
-											publicKey,
-											networkId: networkId as "mainnet" | "testnet"
-										};
-
-										const nonceResponse: BetterFetchResponse<NonceResponseT> = await $fetch("/near/nonce", {
-											method: "POST",
-											body: nonceRequest
-										});
+							if (!publicKey) {
+								throw new Error("Failed to get public key from wallet");
+							}
 
-										if (nonceResponse.error) {
-											throw new Error(nonceResponse.error.message || "Failed to get nonce");
-										}
-
-										const nonce = nonceResponse?.data?.nonce;
-										if (!nonce) {
-											throw new Error("No nonce received from server");
-										}
-
-										// Cache nonce with all wallet data
-										const cachedData: CachedNonceData = {
-											nonce,
-											accountId,
-											publicKey,
-											networkId,
-											timestamp: Date.now()
-										};
-										cachedNonce.set(cachedData);
-
-										callbacks?.onSuccess?.();
-									} catch (error) {
-										const err = error instanceof Error ? error : new Error(String(error));
-										clearNonce();
-										callbacks?.onError?.(err);
-									}
-								},
-								onError: (error: any) => {
-									const err = error instanceof Error ? error : new Error(String(error));
-									clearNonce();
-									callbacks?.onError?.(err);
-								}
+							nearState.set({
+								...state,
+								publicKey,
 							});
+
+							const nonceRequest: NonceRequestT = {
+								accountId,
+								publicKey: publicKey,
+								networkId: networkId as "mainnet" | "testnet"
+							};
+
+							const nonceResponse: BetterFetchResponse<NonceResponseT> = await $fetch("/near/nonce", {
+								method: "POST",
+								body: nonceRequest
+							});
+
+							if (nonceResponse.error) {
+								throw new Error(nonceResponse.error.message || "Failed to get nonce");
+							}
+
+							const nonce = nonceResponse?.data?.nonce;
+							if (!nonce) {
+								throw new Error("No nonce received from server");
+							}
+
+							// Cache nonce with all wallet data
+							const cachedData: CachedNonceData = {
+								nonce,
+								accountId,
+								publicKey,
+								networkId,
+								timestamp: Date.now()
+							};
+							cachedNonce.set(cachedData);
+
+							callbacks?.onSuccess?.();
 						} catch (error) {
 							const err = error instanceof Error ? error : new Error(String(error));
 							clearNonce();
@@ -298,13 +386,14 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 						try {
 							const { recipient } = params;
 
-							if (!nearClient) {
+							if (!nearInstance) {
 								const error = new Error("NEAR client not available") as Error & { code?: string };
 								error.code = "SIGNER_NOT_AVAILABLE";
 								throw error;
 							}
 
-							const accountId = nearClient.accountId();
+							const state = nearState.get();
+							const accountId = state?.accountId;
 							if (!accountId) {
 								const error = new Error("Wallet not connected. Please connect your wallet first.") as Error & { code?: string };
 								error.code = "WALLET_NOT_CONNECTED";
@@ -335,12 +424,11 @@ export const siwnClient = (config: SIWNClientConfig): SIWNClientPlugin => {
 
 							// Sign the message
 							const authToken = await sign(message, {
-								signer: nearClient,
+								signer: nearInstance,
 								recipient,
 								nonce: nonceBytes,
 							});
 
-							// Verify the signature with the server
 							const verifyResponse: BetterFetchResponse<VerifyResponseT> = await $fetch("/near/verify", {
 								method: "POST",
 								body: {

package/src/index.ts

@@ -1,8 +1,8 @@
 import { APIError, createAuthEndpoint, createAuthMiddleware, sessionMiddleware } from "better-auth/api";
 import { setSessionCookie } from "better-auth/cookies";
 import type { Account, BetterAuthPlugin, User } from "better-auth/types";
-import { bytesToBase64 } from "fastintear/utils";
-import { generateNonce, verify, type VerificationResult, type VerifyOptions } from "near-sign-verify";
+import { generateNonce, parseAuthToken, verify, type VerificationResult, type VerifyOptions } from "near-sign-verify";
+import { bytesToBase64 } from "./utils";
 import z from "zod";
 import { defaultGetProfile, getImageUrl, getNetworkFromAccountId } from "./profile";
 import { schema } from "./schema";
@@ -464,6 +464,7 @@ export const siwn = (options: SIWNPluginOptions) =>
 					}
 
 					try {
+						console.log("in server authToken", parseAuthToken(authToken));
 						const verification =
 							await ctx.context.internalAdapter.findVerificationValue(
 								`siwn:${accountId}:${network}`,
@@ -622,8 +623,8 @@ export const siwn = (options: SIWNPluginOptions) =>
 						}
 
 						const session = await ctx.context.internalAdapter.createSession(
-							user.id,
-							ctx,
+							user.id
+							// ctx,
 						);
 
 						if (!session) {
@@ -645,6 +646,8 @@ export const siwn = (options: SIWNPluginOptions) =>
 							},
 						}));
 					} catch (error: unknown) {
+						console.log("server authToken", authToken);
+						console.log("server parsed authToken", parseAuthToken(authToken));
 						if (error instanceof APIError) throw error;
 						throw new APIError("UNAUTHORIZED", {
 							message: "Something went wrong. Please try again later.",

package/src/utils.ts

@@ -0,0 +1,13 @@
+/**
+ * Utility functions for base64 encoding/decoding
+ * Replaces fastintear/utils functions (now using standard browser APIs)
+ */
+
+export function bytesToBase64(bytes: Uint8Array): string {
+	return btoa(String.fromCharCode(...bytes));
+}
+
+export function base64ToBytes(base64: string): Uint8Array {
+	return Uint8Array.from(atob(base64), c => c.charCodeAt(0));
+}
+