create-croissant 0.1.0 → 0.1.2

package/template/apps/web/node_modules/@better-auth/core/src/env/logger.ts

@@ -0,0 +1,145 @@
+import { getColorDepth } from "./color-depth";
+
+export const TTY_COLORS = {
+	reset: "\x1b[0m",
+	bright: "\x1b[1m",
+	dim: "\x1b[2m",
+	undim: "\x1b[22m",
+	underscore: "\x1b[4m",
+	blink: "\x1b[5m",
+	reverse: "\x1b[7m",
+	hidden: "\x1b[8m",
+	fg: {
+		black: "\x1b[30m",
+		red: "\x1b[31m",
+		green: "\x1b[32m",
+		yellow: "\x1b[33m",
+		blue: "\x1b[34m",
+		magenta: "\x1b[35m",
+		cyan: "\x1b[36m",
+		white: "\x1b[37m",
+	},
+	bg: {
+		black: "\x1b[40m",
+		red: "\x1b[41m",
+		green: "\x1b[42m",
+		yellow: "\x1b[43m",
+		blue: "\x1b[44m",
+		magenta: "\x1b[45m",
+		cyan: "\x1b[46m",
+		white: "\x1b[47m",
+	},
+} as const;
+
+export type LogLevel = "debug" | "info" | "success" | "warn" | "error";
+
+export const levels = ["debug", "info", "success", "warn", "error"] as const;
+
+export function shouldPublishLog(
+	currentLogLevel: LogLevel,
+	logLevel: LogLevel,
+): boolean {
+	return levels.indexOf(logLevel) >= levels.indexOf(currentLogLevel);
+}
+
+export interface Logger {
+	disabled?: boolean | undefined;
+	disableColors?: boolean | undefined;
+	level?: Exclude<LogLevel, "success"> | undefined;
+	log?:
+		| ((
+				level: Exclude<LogLevel, "success">,
+				message: string,
+				...args: any[]
+		  ) => void)
+		| undefined;
+}
+
+export type LogHandlerParams =
+	Parameters<NonNullable<Logger["log"]>> extends [LogLevel, ...infer Rest]
+		? Rest
+		: never;
+
+const levelColors: Record<LogLevel, string> = {
+	info: TTY_COLORS.fg.blue,
+	success: TTY_COLORS.fg.green,
+	warn: TTY_COLORS.fg.yellow,
+	error: TTY_COLORS.fg.red,
+	debug: TTY_COLORS.fg.magenta,
+};
+
+const formatMessage = (
+	level: LogLevel,
+	message: string,
+	colorsEnabled: boolean,
+): string => {
+	const timestamp = new Date().toISOString();
+
+	if (colorsEnabled) {
+		return `${TTY_COLORS.dim}${timestamp}${TTY_COLORS.reset} ${
+			levelColors[level]
+		}${level.toUpperCase()}${TTY_COLORS.reset} ${TTY_COLORS.bright}[Better Auth]:${
+			TTY_COLORS.reset
+		} ${message}`;
+	}
+
+	return `${timestamp} ${level.toUpperCase()} [Better Auth]: ${message}`;
+};
+
+export type InternalLogger = {
+	[K in LogLevel]: (...params: LogHandlerParams) => void;
+} & {
+	get level(): LogLevel;
+};
+
+export const createLogger = (options?: Logger | undefined): InternalLogger => {
+	const enabled = options?.disabled !== true;
+	const logLevel = options?.level ?? "warn";
+
+	const isDisableColorsSpecified = options?.disableColors !== undefined;
+	const colorsEnabled = isDisableColorsSpecified
+		? !options.disableColors
+		: getColorDepth() !== 1;
+
+	const LogFunc = (
+		level: LogLevel,
+		message: string,
+		args: any[] = [],
+	): void => {
+		if (!enabled || !shouldPublishLog(logLevel, level)) {
+			return;
+		}
+
+		const formattedMessage = formatMessage(level, message, colorsEnabled);
+
+		if (!options || typeof options.log !== "function") {
+			if (level === "error") {
+				console.error(formattedMessage, ...args);
+			} else if (level === "warn") {
+				console.warn(formattedMessage, ...args);
+			} else {
+				console.log(formattedMessage, ...args);
+			}
+			return;
+		}
+
+		options.log(level === "success" ? "info" : level, message, ...args);
+	};
+
+	const logger = Object.fromEntries(
+		levels.map((level) => [
+			level,
+			(...[message, ...args]: LogHandlerParams) =>
+				LogFunc(level, message, args),
+		]),
+	) as Record<LogLevel, (...params: LogHandlerParams) => void>;
+
+	return {
+		...logger,
+		get level() {
+			return logLevel;
+		},
+	};
+};
+
+export const logger = createLogger();

package/template/apps/web/node_modules/@better-auth/core/src/error/codes.ts

@@ -0,0 +1,71 @@
+import { defineErrorCodes } from "../utils/error-codes";
+
+declare module "@better-auth/core" {
+	interface BetterAuthPluginRegistry<AuthOptions, Options> {
+		/**
+		 * This plugin does not exist, do not use it in runtime.
+		 */
+		"$internal:base": {
+			creator: () => {
+				$ERROR_CODES: typeof BASE_ERROR_CODES;
+			};
+		};
+	}
+}
+
+export const BASE_ERROR_CODES = defineErrorCodes({
+	USER_NOT_FOUND: "User not found",
+	FAILED_TO_CREATE_USER: "Failed to create user",
+	FAILED_TO_CREATE_SESSION: "Failed to create session",
+	FAILED_TO_UPDATE_USER: "Failed to update user",
+	FAILED_TO_GET_SESSION: "Failed to get session",
+	INVALID_PASSWORD: "Invalid password",
+	INVALID_EMAIL: "Invalid email",
+	INVALID_EMAIL_OR_PASSWORD: "Invalid email or password",
+	INVALID_USER: "Invalid user",
+	SOCIAL_ACCOUNT_ALREADY_LINKED: "Social account already linked",
+	PROVIDER_NOT_FOUND: "Provider not found",
+	INVALID_TOKEN: "Invalid token",
+	TOKEN_EXPIRED: "Token expired",
+	ID_TOKEN_NOT_SUPPORTED: "id_token not supported",
+	FAILED_TO_GET_USER_INFO: "Failed to get user info",
+	USER_EMAIL_NOT_FOUND: "User email not found",
+	EMAIL_NOT_VERIFIED: "Email not verified",
+	PASSWORD_TOO_SHORT: "Password too short",
+	PASSWORD_TOO_LONG: "Password too long",
+	USER_ALREADY_EXISTS: "User already exists.",
+	USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL:
+		"User already exists. Use another email.",
+	EMAIL_CAN_NOT_BE_UPDATED: "Email can not be updated",
+	CREDENTIAL_ACCOUNT_NOT_FOUND: "Credential account not found",
+	SESSION_EXPIRED: "Session expired. Re-authenticate to perform this action.",
+	FAILED_TO_UNLINK_LAST_ACCOUNT: "You can't unlink your last account",
+	ACCOUNT_NOT_FOUND: "Account not found",
+	USER_ALREADY_HAS_PASSWORD:
+		"User already has a password. Provide that to delete the account.",
+	CROSS_SITE_NAVIGATION_LOGIN_BLOCKED:
+		"Cross-site navigation login blocked. This request appears to be a CSRF attack.",
+	VERIFICATION_EMAIL_NOT_ENABLED: "Verification email isn't enabled",
+	EMAIL_ALREADY_VERIFIED: "Email is already verified",
+	EMAIL_MISMATCH: "Email mismatch",
+	SESSION_NOT_FRESH: "Session is not fresh",
+	LINKED_ACCOUNT_ALREADY_EXISTS: "Linked account already exists",
+	INVALID_ORIGIN: "Invalid origin",
+	INVALID_CALLBACK_URL: "Invalid callbackURL",
+	INVALID_REDIRECT_URL: "Invalid redirectURL",
+	INVALID_ERROR_CALLBACK_URL: "Invalid errorCallbackURL",
+	INVALID_NEW_USER_CALLBACK_URL: "Invalid newUserCallbackURL",
+	MISSING_OR_NULL_ORIGIN: "Missing or null Origin",
+	CALLBACK_URL_REQUIRED: "callbackURL is required",
+	FAILED_TO_CREATE_VERIFICATION: "Unable to create verification",
+	FIELD_NOT_ALLOWED: "Field not allowed to be set",
+	ASYNC_VALIDATION_NOT_SUPPORTED: "Async validation is not supported",
+	VALIDATION_ERROR: "Validation Error",
+	MISSING_FIELD: "Field is required",
+	METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED:
+		"POST method requires deferSessionRefresh to be enabled in session config",
+	BODY_MUST_BE_AN_OBJECT: "Body must be an object",
+	PASSWORD_ALREADY_SET: "User already has a password set",
+});
+
+export type APIErrorCode = keyof typeof BASE_ERROR_CODES;

package/template/apps/web/node_modules/@better-auth/core/src/error/index.ts

@@ -0,0 +1,35 @@
+import { APIError as BaseAPIError } from "better-call/error";
+
+export class BetterAuthError extends Error {
+	constructor(message: string, options?: { cause?: unknown | undefined }) {
+		super(message, options);
+		this.name = "BetterAuthError";
+		this.message = message;
+		this.stack = "";
+	}
+}
+
+export { type APIErrorCode, BASE_ERROR_CODES } from "./codes";
+
+export class APIError extends BaseAPIError {
+	constructor(...args: ConstructorParameters<typeof BaseAPIError>) {
+		super(...args);
+	}
+
+	static fromStatus(
+		status: ConstructorParameters<typeof BaseAPIError>[0],
+		body?: ConstructorParameters<typeof BaseAPIError>[1],
+	) {
+		return new APIError(status, body);
+	}
+
+	static from(
+		status: ConstructorParameters<typeof BaseAPIError>[0],
+		error: { code: string; message: string },
+	) {
+		return new APIError(status, {
+			message: error.message,
+			code: error.code,
+		});
+	}
+}

package/template/apps/web/node_modules/@better-auth/core/src/index.ts

@@ -0,0 +1 @@
+export * from "./types";

package/template/apps/web/node_modules/@better-auth/core/src/instrumentation/api.ts

@@ -0,0 +1,17 @@
+import type { OpenTelemetryAPI } from "./noop";
+import { noopOpenTelemetryAPI } from "./noop";
+
+let openTelemetryAPIPromise: Promise<void> | undefined;
+let openTelemetryAPI: OpenTelemetryAPI | undefined;
+
+export function getOpenTelemetryAPI(): OpenTelemetryAPI {
+	if (!openTelemetryAPIPromise) {
+		openTelemetryAPIPromise = import("@opentelemetry/api")
+			.then((mod) => {
+				openTelemetryAPI = mod;
+			})
+			.catch(() => /* ignore failures */ undefined);
+	}
+
+	return openTelemetryAPI ?? noopOpenTelemetryAPI;
+}

package/template/apps/web/node_modules/@better-auth/core/src/instrumentation/attributes.ts

@@ -0,0 +1,22 @@
+import {
+	ATTR_DB_COLLECTION_NAME,
+	ATTR_DB_OPERATION_NAME,
+	ATTR_HTTP_RESPONSE_STATUS_CODE,
+	ATTR_HTTP_ROUTE,
+} from "@opentelemetry/semantic-conventions";
+
+export {
+	ATTR_DB_COLLECTION_NAME,
+	ATTR_DB_OPERATION_NAME,
+	ATTR_HTTP_RESPONSE_STATUS_CODE,
+	ATTR_HTTP_ROUTE,
+};
+
+/** Operation identifier (e.g. getSession, signUpWithEmailAndPassword). Uses endpoint operationId when set, otherwise the endpoint key. */
+export const ATTR_OPERATION_ID = "better_auth.operation_id" as const;
+
+/** Hook type (e.g. before, after, create.before). */
+export const ATTR_HOOK_TYPE = "better_auth.hook.type" as const;
+
+/** Execution context (e.g. user, plugin:id). */
+export const ATTR_CONTEXT = "better_auth.context" as const;

package/template/apps/web/node_modules/@better-auth/core/src/instrumentation/index.ts

@@ -0,0 +1,2 @@
+export * from "./attributes";
+export * from "./tracer";

package/template/apps/web/node_modules/@better-auth/core/src/instrumentation/noop.ts

@@ -0,0 +1,74 @@
+import type { Span, Tracer } from "@opentelemetry/api";
+
+export type OpenTelemetryAPI = Pick<
+	typeof import("@opentelemetry/api"),
+	"trace" | "SpanStatusCode"
+>;
+
+function createNoopSpan(): Span {
+	const span = {
+		end(): void {},
+		setAttribute(_key: string, _value: unknown): void {},
+		setStatus(_status: unknown): void {},
+		recordException(_exception: unknown): void {},
+		updateName(_name: string) {
+			return span;
+		},
+	} as unknown as Span;
+	return span;
+}
+
+function createNoopTracer(noopSpan: Span): Tracer {
+	// OpenTelemetry `Tracer.startActiveSpan` has three overloads:
+	//   (name, fn)
+	//   (name, options, fn)
+	//   (name, options, context, fn)
+	// The callback is always the last argument; fish it out by arity so a
+	// 2-arg call (options omitted) doesn't try to invoke `undefined`.
+	function startActiveSpan<F extends (span: Span) => unknown>(
+		_name: string,
+		fn: F,
+	): ReturnType<F>;
+	function startActiveSpan<F extends (span: Span) => unknown>(
+		_name: string,
+		_options: { attributes?: Record<string, string | number | boolean> },
+		fn: F,
+	): ReturnType<F>;
+	function startActiveSpan<F extends (span: Span) => unknown>(
+		_name: string,
+		_options: { attributes?: Record<string, string | number | boolean> },
+		_context: unknown,
+		fn: F,
+	): ReturnType<F>;
+	function startActiveSpan(_name: string, ...rest: Array<unknown>): unknown {
+		const fn = rest[rest.length - 1] as (span: Span) => unknown;
+		return fn(noopSpan);
+	}
+	return { startActiveSpan } as Tracer;
+}
+
+function createNoopTraceAPI() {
+	const noopTracer = createNoopTracer(createNoopSpan());
+	return {
+		getTracer(_name?: string, _version?: string) {
+			return noopTracer;
+		},
+		getActiveSpan(): Span | undefined {
+			return undefined;
+		},
+	};
+}
+
+function createNoopOpenTelemetryAPI(): OpenTelemetryAPI {
+	return {
+		SpanStatusCode: {
+			UNSET: 0,
+			OK: 1,
+			ERROR: 2,
+		},
+		trace: createNoopTraceAPI(),
+	} as OpenTelemetryAPI;
+}
+
+export const noopOpenTelemetryAPI: OpenTelemetryAPI =
+	createNoopOpenTelemetryAPI();

package/template/apps/web/node_modules/@better-auth/core/src/instrumentation/pure.index.ts

@@ -0,0 +1,31 @@
+/**
+ * Noop variant of `./instrumentation` for runtimes where the dynamic
+ * `import("@opentelemetry/api")` in `./api` throws synchronously instead of
+ * rejecting its returned promise. Convex's V8 isolate is the reproducer: bare
+ * specifiers are rejected at resolve time in `get-convex/convex-backend`
+ * `crates/isolate/src/request_scope.rs`, so the `.catch()` in
+ * `getOpenTelemetryAPI` never runs and every `withSpan` call surfaces an
+ * uncaught error.
+ *
+ * Public surface must stay identical to `./index` (enforced by `pure.test.ts`).
+ */
+
+export * from "./attributes";
+
+export function withSpan<T>(
+	name: string,
+	attributes: Record<string, string | number | boolean>,
+	fn: () => T,
+): T;
+export function withSpan<T>(
+	name: string,
+	attributes: Record<string, string | number | boolean>,
+	fn: () => Promise<T>,
+): Promise<T>;
+export function withSpan<T>(
+	_name: string,
+	_attributes: Record<string, string | number | boolean>,
+	fn: () => T | Promise<T>,
+): T | Promise<T> {
+	return fn();
+}

package/template/apps/web/node_modules/@better-auth/core/src/instrumentation/tracer.ts

@@ -0,0 +1,95 @@
+import type { Span } from "@opentelemetry/api";
+import { getOpenTelemetryAPI } from "./api";
+import { ATTR_HTTP_RESPONSE_STATUS_CODE } from "./attributes";
+
+const INSTRUMENTATION_SCOPE = "better-auth";
+const INSTRUMENTATION_VERSION = import.meta.env?.BETTER_AUTH_VERSION ?? "1.0.0";
+
+/**
+ * Better-auth uses `throw ctx.redirect(url)` for flow control (e.g. OAuth
+ * callbacks). These are APIErrors with 3xx status codes and should not be
+ * recorded as span errors.
+ */
+function isRedirectError(err: unknown): boolean {
+	if (
+		err != null &&
+		typeof err === "object" &&
+		"name" in err &&
+		(err as { name: string }).name === "APIError" &&
+		"statusCode" in err
+	) {
+		const status = (err as { statusCode: number }).statusCode;
+		return status >= 300 && status < 400;
+	}
+	return false;
+}
+
+function endSpanWithError(span: Span, err: unknown) {
+	const { SpanStatusCode } = getOpenTelemetryAPI();
+	if (isRedirectError(err)) {
+		span.setAttribute(
+			ATTR_HTTP_RESPONSE_STATUS_CODE,
+			(err as { statusCode: number }).statusCode,
+		);
+		span.setStatus({ code: SpanStatusCode.OK });
+	} else {
+		span.recordException(err as Error);
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: String((err as Error)?.message ?? err),
+		});
+	}
+	span.end();
+}
+
+/**
+ * Creates a child span whose lifetime is bound to the execution of the given function
+ *
+ * @param name - The name of the span.
+ * @param attributes - The attributes of the span.
+ * @param fn - The function to execute within the span.
+ * @returns The result of the function.
+ */
+export function withSpan<T>(
+	name: string,
+	attributes: Record<string, string | number | boolean>,
+	fn: () => T,
+): T;
+export function withSpan<T>(
+	name: string,
+	attributes: Record<string, string | number | boolean>,
+	fn: () => Promise<T>,
+): Promise<T>;
+export function withSpan<T>(
+	name: string,
+	attributes: Record<string, string | number | boolean>,
+	fn: () => T | Promise<T>,
+): T | Promise<T> {
+	const { trace } = getOpenTelemetryAPI();
+	const tracer = trace.getTracer(
+		INSTRUMENTATION_SCOPE,
+		INSTRUMENTATION_VERSION,
+	);
+
+	return tracer.startActiveSpan(name, { attributes }, (span) => {
+		try {
+			const result = fn();
+			if (result instanceof Promise) {
+				return result
+					.then((value) => {
+						span.end();
+						return value;
+					})
+					.catch((err) => {
+						endSpanWithError(span, err);
+						throw err;
+					}) as Promise<T>;
+			}
+			span.end();
+			return result;
+		} catch (err) {
+			endSpanWithError(span, err);
+			throw err;
+		}
+	});
+}

package/template/apps/web/node_modules/@better-auth/core/src/oauth2/client-credentials-token.ts

@@ -0,0 +1,126 @@
+import { base64Url } from "@better-auth/utils/base64";
+import { betterFetch } from "@better-fetch/fetch";
+import type { AwaitableFunction } from "../types";
+import type { OAuth2Tokens, ProviderOptions } from "./oauth-provider";
+
+export async function clientCredentialsTokenRequest({
+	options,
+	scope,
+	authentication,
+	resource,
+}: {
+	options: AwaitableFunction<ProviderOptions & { clientSecret: string }>;
+	scope?: string | undefined;
+	authentication?: ("basic" | "post") | undefined;
+	resource?: (string | string[]) | undefined;
+}) {
+	options = typeof options === "function" ? await options() : options;
+	return createClientCredentialsTokenRequest({
+		options,
+		scope,
+		authentication,
+		resource,
+	});
+}
+
+/**
+ * @deprecated use async'd clientCredentialsTokenRequest instead
+ */
+export function createClientCredentialsTokenRequest({
+	options,
+	scope,
+	authentication,
+	resource,
+}: {
+	options: ProviderOptions & { clientSecret: string };
+	scope?: string | undefined;
+	authentication?: ("basic" | "post") | undefined;
+	resource?: (string | string[]) | undefined;
+}) {
+	const body = new URLSearchParams();
+	const headers: Record<string, any> = {
+		"content-type": "application/x-www-form-urlencoded",
+		accept: "application/json",
+	};
+
+	body.set("grant_type", "client_credentials");
+	scope && body.set("scope", scope);
+	if (resource) {
+		if (typeof resource === "string") {
+			body.append("resource", resource);
+		} else {
+			for (const _resource of resource) {
+				body.append("resource", _resource);
+			}
+		}
+	}
+	if (authentication === "basic") {
+		const primaryClientId = Array.isArray(options.clientId)
+			? options.clientId[0]
+			: options.clientId;
+		const encodedCredentials = base64Url.encode(
+			`${primaryClientId}:${options.clientSecret}`,
+		);
+		headers["authorization"] = `Basic ${encodedCredentials}`;
+	} else {
+		const primaryClientId = Array.isArray(options.clientId)
+			? options.clientId[0]
+			: options.clientId;
+		body.set("client_id", primaryClientId);
+		body.set("client_secret", options.clientSecret);
+	}
+
+	return {
+		body,
+		headers,
+	};
+}
+
+export async function clientCredentialsToken({
+	options,
+	tokenEndpoint,
+	scope,
+	authentication,
+	resource,
+}: {
+	options: AwaitableFunction<ProviderOptions & { clientSecret: string }>;
+	tokenEndpoint: string;
+	scope: string;
+	authentication?: ("basic" | "post") | undefined;
+	resource?: (string | string[]) | undefined;
+}): Promise<OAuth2Tokens> {
+	const { body, headers } = await clientCredentialsTokenRequest({
+		options,
+		scope,
+		authentication,
+		resource,
+	});
+
+	const { data, error } = await betterFetch<{
+		access_token: string;
+		expires_in?: number | undefined;
+		token_type?: string | undefined;
+		scope?: string | undefined;
+	}>(tokenEndpoint, {
+		method: "POST",
+		body,
+		headers,
+	});
+	if (error) {
+		throw error;
+	}
+	const tokens: OAuth2Tokens = {
+		accessToken: data.access_token,
+		tokenType: data.token_type,
+		scopes: data.scope?.split(" "),
+	};
+
+	if (data.expires_in) {
+		const now = new Date();
+		tokens.accessTokenExpiresAt = new Date(
+			now.getTime() + data.expires_in * 1000,
+		);
+	}
+
+	return tokens;
+}