create-croissant 0.1.0 → 0.1.2

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/zoom.ts

@@ -0,0 +1,230 @@
+import { betterFetch } from "@better-fetch/fetch";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	generateCodeChallenge,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+
+export type LoginType =
+	| 0 /** Facebook OAuth */
+	| 1 /** Google OAuth */
+	| 24 /** Apple OAuth */
+	| 27 /** Microsoft OAuth */
+	| 97 /** Mobile device */
+	| 98 /** RingCentral OAuth */
+	| 99 /** API user */
+	| 100 /** Zoom Work email */
+	| 101; /** Single Sign-On (SSO) */
+
+export type AccountStatus = "pending" | "active" | "inactive";
+
+export type PronounOption =
+	| 1 /** Ask the user every time */
+	| 2 /** Always display */
+	| 3; /** Do not display */
+
+export interface PhoneNumber {
+	/** The country code of the phone number (Example: "+1") */
+	code: string;
+
+	/** The country of the phone number (Example: "US") */
+	country: string;
+
+	/** The label for the phone number (Example: "Mobile") */
+	label: string;
+
+	/** The phone number itself (Example: "800000000") */
+	number: string;
+
+	/** Whether the phone number has been verified (Example: true) */
+	verified: boolean;
+}
+
+/**
+ * See the full documentation below:
+ * https://developers.zoom.us/docs/api/users/#tag/users/GET/users/{userId}
+ */
+export interface ZoomProfile extends Record<string, any> {
+	/* cspell:disable-next-line */
+	/** The user's account ID (Example: "q6gBJVO5TzexKYTb_I2rpg") */
+	account_id: string;
+	/** The user's account number (Example: 10009239) */
+	account_number: number;
+	/** The user's cluster (Example: "us04") */
+	cluster: string;
+	/** The user's CMS ID. Only enabled for Kaltura integration (Example: "KDcuGIm1QgePTO8WbOqwIQ") */
+	cms_user_id: string;
+	/** The user's cost center (Example: "cost center") */
+	cost_center: string;
+	/** User create time (Example: "2018-10-31T04:32:37Z") */
+	created_at: string;
+	/** Department (Example: "Developers") */
+	dept: string;
+	/** User's display name (Example: "Jill Chill") */
+	display_name: string;
+	/** User's email address (Example: "jchill@example.com") */
+	email: string;
+	/** User's first name (Example: "Jill") */
+	first_name: string;
+	/* cspell:disable-next-line */
+	/** IDs of the web groups that the user belongs to (Example: ["RSMaSp8sTEGK0_oamiA2_w"]) */
+	group_ids: string[];
+	/* cspell:disable-next-line */
+	/** User ID (Example: "zJKyaiAyTNC-MWjiWC18KQ") */
+	id: string;
+	/* cspell:disable-next-line */
+	/** IM IDs of the groups that the user belongs to (Example: ["t-_-d56CSWG-7BF15LLrOw"]) */
+	im_group_ids: string[];
+	/** The user's JID (Example: "jchill@example.com") */
+	jid: string;
+	/** The user's job title (Example: "API Developer") */
+	job_title: string;
+	/** Default language for the Zoom Web Portal (Example: "en-US") */
+	language: string;
+	/** User last login client version (Example: "5.9.6.4993(mac)") */
+	last_client_version: string;
+	/** User last login time (Example: "2021-05-05T20:40:30Z") */
+	last_login_time: string;
+	/** User's last name (Example: "Chill") */
+	last_name: string;
+	/** The time zone of the user (Example: "Asia/Shanghai") */
+	timezone: string;
+	/** User's location (Example: "Paris") */
+	location: string;
+	/** The user's login method (Example: 101) */
+	login_types: LoginType[];
+	/** User's personal meeting URL (Example: "example.com") */
+	personal_meeting_url: string;
+	/** The URL for user's profile picture (Example: "example.com") */
+	pic_url: string;
+	/** Personal Meeting ID (PMI) (Example: 3542471135) */
+	pmi: number;
+	/** Unique identifier of the user's assigned role (Example: "0") */
+	role_id: string;
+	/** User's role name (Example: "Admin") */
+	role_name: string;
+	/** Status of user's account (Example: "pending") */
+	status: AccountStatus;
+	/** Use the personal meeting ID (PMI) for instant meetings (Example: false) */
+	use_pmi: boolean;
+	/** The time and date when the user was created (Example: "2018-10-31T04:32:37Z") */
+	user_created_at: string;
+	/** Displays whether user is verified or not (Example: 1) */
+	verified: number;
+	/** The user's Zoom Workplace plan option (Example: 64) */
+	zoom_one_type: number;
+	/** The user's company (Example: "Jill") */
+	company?: string | undefined;
+	/* cspell:disable-next-line */
+	/** Custom attributes that have been assigned to the user (Example: [{ "key": "cbf_cywdkexrtqc73f97gd4w6g", "name": "A1", "value": "1" }]) */
+	custom_attributes?:
+		| { key: string; name: string; value: string }[]
+		| undefined;
+	/* cspell:disable-next-line */
+	/** The employee's unique ID. This field only returns when SAML single sign-on (SSO) is enabled. The `login_type` value is `101` (SSO) (Example: "HqDyI037Qjili1kNsSIrIg") */
+	employee_unique_id?: string | undefined;
+	/** The manager for the user (Example: "thill@example.com") */
+	manager?: string | undefined;
+	/** The phone number's ISO country code (Example: "+1") */
+	phone_numbers?: PhoneNumber[] | undefined;
+	/** The user's plan type (Example: "1") */
+	plan_united_type?: string | undefined;
+	/** The user's pronouns (Example: "3123") */
+	pronouns?: string | undefined;
+	/** The user's display pronouns setting (Example: 1) */
+	pronouns_option?: PronounOption | undefined;
+	/** Personal meeting room URL, if the user has one (Example: "example.com") */
+	vanity_url?: string | undefined;
+}
+
+export interface ZoomOptions extends ProviderOptions<ZoomProfile> {
+	clientId: string;
+	pkce?: boolean | undefined;
+}
+
+export const zoom = (userOptions: ZoomOptions) => {
+	const options = {
+		pkce: true,
+		...userOptions,
+	};
+
+	return {
+		id: "zoom",
+		name: "Zoom",
+		createAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {
+			const params = new URLSearchParams({
+				response_type: "code",
+				redirect_uri: options.redirectURI ? options.redirectURI : redirectURI,
+				client_id: options.clientId,
+				state,
+			});
+
+			if (options.pkce) {
+				const codeChallenge = await generateCodeChallenge(codeVerifier);
+				params.set("code_challenge_method", "S256");
+				params.set("code_challenge", codeChallenge);
+			}
+
+			const url = new URL("https://zoom.us/oauth/authorize");
+			url.search = params.toString();
+
+			return url;
+		},
+		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				codeVerifier,
+				options,
+				tokenEndpoint: "https://zoom.us/oauth/token",
+				authentication: "post",
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) =>
+					refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint: "https://zoom.us/oauth/token",
+					}),
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			const { data: profile, error } = await betterFetch<ZoomProfile>(
+				"https://api.zoom.us/v2/users/me",
+				{
+					headers: {
+						authorization: `Bearer ${token.accessToken}`,
+					},
+				},
+			);
+
+			if (error) {
+				return null;
+			}
+
+			const userMap = await options.mapProfileToUser?.(profile);
+
+			return {
+				user: {
+					id: profile.id,
+					name: profile.display_name,
+					image: profile.pic_url,
+					email: profile.email,
+					emailVerified: Boolean(profile.verified),
+					...userMap,
+				},
+				data: {
+					...profile,
+				},
+			};
+		},
+	} satisfies OAuthProvider<ZoomProfile>;
+};

package/template/apps/web/node_modules/@better-auth/core/src/types/context.ts

@@ -0,0 +1,415 @@
+import type { CookieOptions, EndpointContext } from "better-call";
+import type {
+	Account,
+	BetterAuthDBSchema,
+	ModelNames,
+	SecondaryStorage,
+	Session,
+	User,
+	Verification,
+} from "../db";
+import type { DBAdapter, Where } from "../db/adapter";
+import type { createLogger } from "../env";
+import type { OAuthProvider } from "../oauth2";
+import type { BetterAuthCookie, BetterAuthCookies } from "./cookie";
+import type { Awaitable, LiteralString } from "./helper";
+import type {
+	BetterAuthOptions,
+	BetterAuthRateLimitOptions,
+} from "./init-options";
+import type { BetterAuthPlugin } from "./plugin";
+import type { SecretConfig } from "./secret";
+
+/**
+ * @internal
+ */
+type InferPluginID<O extends BetterAuthOptions> =
+	O["plugins"] extends Array<infer P>
+		? P extends BetterAuthPlugin
+			? P["id"]
+			: never
+		: never;
+
+/**
+ * @internal
+ */
+type InferPluginOptions<
+	O extends BetterAuthOptions,
+	ID extends BetterAuthPluginRegistryIdentifier | LiteralString,
+> =
+	O["plugins"] extends Array<infer P>
+		? P extends BetterAuthPlugin
+			? P["id"] extends ID
+				? P extends { options: infer O }
+					? O
+					: never
+				: never
+			: never
+		: never;
+
+/**
+ * Mutators are defined in each plugin
+ *
+ * @example
+ * ```ts
+ * interface MyPluginOptions {
+ *   useFeature: boolean
+ * }
+ *
+ * const createMyPlugin = <Options extends MyPluginOptions>(options?: Options) => ({
+ *   id: 'my-plugin',
+ *   version: '1.0.0',
+ *   options,
+ * } satisfies BetterAuthPlugin);
+ *
+ * declare module "@better-auth/core" {
+ *  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+ *    'my-plugin': {
+ *      creator: Options extends MyPluginOptions ? typeof createMyPlugin<Options>: typeof createMyPlugin
+ *    }
+ *  }
+ * }
+ * ```
+ */
+// biome-ignore lint/correctness/noUnusedVariables: Auth and Context is used in the declaration merging
+export interface BetterAuthPluginRegistry<AuthOptions, Options> {}
+export type BetterAuthPluginRegistryIdentifier = keyof BetterAuthPluginRegistry<
+	unknown,
+	unknown
+>;
+
+export type GenericEndpointContext<
+	Options extends BetterAuthOptions = BetterAuthOptions,
+> = EndpointContext<string, any> & {
+	context: AuthContext<Options>;
+};
+
+export interface InternalAdapter<
+	_Options extends BetterAuthOptions = BetterAuthOptions,
+> {
+	createOAuthUser(
+		user: Omit<User, "id" | "createdAt" | "updatedAt">,
+		account: Omit<Account, "userId" | "id" | "createdAt" | "updatedAt"> &
+			Partial<Account>,
+	): Promise<{ user: User; account: Account }>;
+
+	createUser<T extends Record<string, any>>(
+		user: Omit<User, "id" | "createdAt" | "updatedAt" | "emailVerified"> &
+			Partial<User> &
+			Record<string, any>,
+	): Promise<T & User>;
+
+	createAccount<T extends Record<string, any>>(
+		account: Omit<Account, "id" | "createdAt" | "updatedAt"> &
+			Partial<Account> &
+			T,
+	): Promise<T & Account>;
+
+	listSessions(
+		userId: string,
+		options?: { onlyActiveSessions?: boolean | undefined } | undefined,
+	): Promise<Session[]>;
+
+	listUsers(
+		limit?: number | undefined,
+		offset?: number | undefined,
+		sortBy?: { field: string; direction: "asc" | "desc" } | undefined,
+		where?: Where[] | undefined,
+	): Promise<User[]>;
+
+	countTotalUsers(where?: Where[] | undefined): Promise<number>;
+
+	deleteUser(userId: string): Promise<void>;
+
+	createSession(
+		userId: string,
+		dontRememberMe?: boolean | undefined,
+		override?: (Partial<Session> & Record<string, any>) | undefined,
+		overrideAll?: boolean | undefined,
+	): Promise<Session>;
+
+	findSession(token: string): Promise<{
+		session: Session & Record<string, any>;
+		user: User & Record<string, any>;
+	} | null>;
+
+	findSessions(
+		sessionTokens: string[],
+		options?:
+			| {
+					onlyActiveSessions?: boolean | undefined;
+			  }
+			| undefined,
+	): Promise<{ session: Session; user: User }[]>;
+
+	updateSession(
+		sessionToken: string,
+		session: Partial<Session> & Record<string, any>,
+	): Promise<Session | null>;
+
+	deleteSession(token: string): Promise<void>;
+
+	deleteAccounts(userId: string): Promise<void>;
+
+	deleteAccount(accountId: string): Promise<void>;
+
+	deleteSessions(userIdOrSessionTokens: string | string[]): Promise<void>;
+
+	findOAuthUser(
+		email: string,
+		accountId: string,
+		providerId: string,
+	): Promise<{
+		user: User;
+		linkedAccount: Account | null;
+		accounts: Account[];
+	} | null>;
+
+	findUserByEmail(
+		email: string,
+		options?: { includeAccounts: boolean } | undefined,
+	): Promise<{ user: User; accounts: Account[] } | null>;
+
+	findUserById(userId: string): Promise<User | null>;
+
+	linkAccount(
+		account: Omit<Account, "id" | "createdAt" | "updatedAt"> & Partial<Account>,
+	): Promise<Account>;
+
+	// Record<string, any> is to take into account additional fields or plugin-added fields
+	updateUser<T extends Record<string, any>>(
+		userId: string,
+		data: Partial<User> & Record<string, any>,
+	): Promise<User & T>;
+
+	updateUserByEmail<T extends Record<string, any>>(
+		email: string,
+		data: Partial<User & Record<string, any>>,
+	): Promise<User & T>;
+
+	updatePassword(userId: string, password: string): Promise<void>;
+
+	findAccounts(userId: string): Promise<Account[]>;
+
+	findAccount(accountId: string): Promise<Account | null>;
+
+	findAccountByProviderId(
+		accountId: string,
+		providerId: string,
+	): Promise<Account | null>;
+
+	findAccountByUserId(userId: string): Promise<Account[]>;
+
+	updateAccount(id: string, data: Partial<Account>): Promise<Account>;
+
+	createVerificationValue(
+		data: Omit<Verification, "createdAt" | "id" | "updatedAt"> &
+			Partial<Verification>,
+	): Promise<Verification>;
+
+	findVerificationValue(identifier: string): Promise<Verification | null>;
+
+	deleteVerificationByIdentifier(identifier: string): Promise<void>;
+
+	updateVerificationByIdentifier(
+		identifier: string,
+		data: Partial<Verification>,
+	): Promise<Verification>;
+}
+
+type CreateCookieGetterFn = (
+	cookieName: string,
+	overrideAttributes?: Partial<CookieOptions> | undefined,
+) => BetterAuthCookie;
+
+type CheckPasswordFn<Options extends BetterAuthOptions = BetterAuthOptions> = (
+	userId: string,
+	ctx: GenericEndpointContext<Options>,
+) => Promise<boolean>;
+
+export type PluginContext<Options extends BetterAuthOptions> = {
+	getPlugin: <
+		ID extends BetterAuthPluginRegistryIdentifier | LiteralString,
+		PluginOptions extends InferPluginOptions<Options, ID>,
+	>(
+		pluginId: ID,
+	) =>
+		| (ID extends BetterAuthPluginRegistryIdentifier
+				? BetterAuthPluginRegistry<Options, PluginOptions>[ID] extends {
+						creator: infer C;
+					}
+					? C extends (...args: any[]) => infer R
+						? R
+						: never
+					: never
+				: BetterAuthPlugin)
+		| null;
+	/**
+	 * Checks if a plugin is enabled by its ID.
+	 *
+	 * @param pluginId - The ID of the plugin to check
+	 * @returns `true` if the plugin is enabled, `false` otherwise
+	 *
+	 * @example
+	 * ```ts
+	 * if (ctx.context.hasPlugin("organization")) {
+	 *   // organization plugin is enabled
+	 * }
+	 * ```
+	 */
+	hasPlugin: <ID extends BetterAuthPluginRegistryIdentifier | LiteralString>(
+		pluginId: ID,
+	) => ID extends InferPluginID<Options> ? true : boolean;
+};
+
+export type InfoContext = {
+	appName: string;
+	baseURL: string;
+	version: string;
+};
+
+export type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> =
+	PluginContext<Options> &
+		InfoContext & {
+			options: Options;
+			trustedOrigins: string[];
+			/**
+			 * Resolved list of trusted providers for account linking.
+			 * Populated from "account.accountLinking.trustedProviders" (supports static array or async function).
+			 */
+			trustedProviders: string[];
+			/**
+			 * Verifies whether url is a trusted origin according to the "trustedOrigins" configuration
+			 * @param url The url to verify against the "trustedOrigins" configuration
+			 * @param settings Specify supported pattern matching settings
+			 * @returns {boolean} true if the URL matches the origin pattern, false otherwise.
+			 */
+			isTrustedOrigin: (
+				url: string,
+				settings?: { allowRelativePaths: boolean },
+			) => boolean;
+			oauthConfig: {
+				/**
+				 * This is dangerous and should only be used in dev or staging environments.
+				 */
+				skipStateCookieCheck?: boolean | undefined;
+				/**
+				 * Strategy for storing OAuth state
+				 *
+				 * - "cookie": Store state in an encrypted cookie (stateless)
+				 * - "database": Store state in the database
+				 *
+				 * @default "cookie"
+				 */
+				storeStateStrategy: "database" | "cookie";
+			};
+			/**
+			 * New session that will be set after the request
+			 * meaning: there is a `set-cookie` header that will set
+			 * the session cookie. This is the fetched session. And it's set
+			 * by `setNewSession` method.
+			 */
+			newSession: {
+				session: Session & Record<string, any>;
+				user: User & Record<string, any>;
+			} | null;
+			session: {
+				session: Session & Record<string, any>;
+				user: User & Record<string, any>;
+			} | null;
+			setNewSession: (
+				session: {
+					session: Session & Record<string, any>;
+					user: User & Record<string, any>;
+				} | null,
+			) => void;
+			socialProviders: OAuthProvider[];
+			authCookies: BetterAuthCookies;
+			logger: ReturnType<typeof createLogger>;
+			rateLimit: {
+				enabled: boolean;
+				window: number;
+				max: number;
+				storage: "memory" | "database" | "secondary-storage";
+			} & Omit<
+				BetterAuthRateLimitOptions,
+				"enabled" | "window" | "max" | "storage"
+			>;
+			adapter: DBAdapter<Options>;
+			internalAdapter: InternalAdapter<Options>;
+			createAuthCookie: CreateCookieGetterFn;
+			secret: string;
+			secretConfig: string | SecretConfig;
+			sessionConfig: {
+				updateAge: number;
+				expiresIn: number;
+				freshAge: number;
+				cookieRefreshCache:
+					| false
+					| {
+							enabled: true;
+							updateAge: number;
+					  };
+			};
+			generateId: (options: {
+				model: ModelNames;
+				size?: number | undefined;
+			}) => string | false;
+			secondaryStorage: SecondaryStorage | undefined;
+			password: {
+				hash: (password: string) => Promise<string>;
+				verify: (data: { password: string; hash: string }) => Promise<boolean>;
+				config: {
+					minPasswordLength: number;
+					maxPasswordLength: number;
+				};
+				checkPassword: CheckPasswordFn<Options>;
+			};
+			tables: BetterAuthDBSchema;
+			runMigrations: () => Promise<void>;
+			publishTelemetry: (event: {
+				type: string;
+				anonymousId?: string | undefined;
+				payload: Record<string, any>;
+			}) => Promise<void>;
+			/**
+			 * Skip origin check for requests.
+			 *
+			 * - `true`: Skip for ALL requests (DANGEROUS - disables CSRF protection)
+			 * - `string[]`: Skip only for specific paths (e.g., SAML callbacks)
+			 * - `false`: Enable origin check (default)
+			 *
+			 * Paths support prefix matching (e.g., "/sso/saml2/callback" matches
+			 * "/sso/saml2/callback/provider-name").
+			 *
+			 * @default false (true in test environments)
+			 */
+			skipOriginCheck: boolean | string[];
+			/**
+			 * This skips the CSRF check for all requests.
+			 *
+			 * This is inferred from the `options.advanced?.
+			 * disableCSRFCheck` option.
+			 *
+			 * @default false
+			 */
+			skipCSRFCheck: boolean;
+			/**
+			 * Background task handler for deferred operations.
+			 *
+			 * This is inferred from the `options.advanced?.backgroundTasks?.handler` option.
+			 * Defaults to a no-op that just runs the promise.
+			 */
+			runInBackground: (promise: Promise<unknown>) => void;
+			/**
+			 * Runs a task in the background if `runInBackground` is configured,
+			 * otherwise awaits the task directly.
+			 *
+			 * This is useful for operations like sending emails where we want
+			 * to avoid blocking the response when possible (for timing attack
+			 * mitigation), but still ensure the operation completes.
+			 */
+			runInBackgroundOrAwait: (
+				promise: Promise<unknown> | void,
+			) => Awaitable<unknown>;
+		};

package/template/apps/web/node_modules/@better-auth/core/src/types/cookie.ts

@@ -0,0 +1,10 @@
+import type { CookieOptions } from "better-call";
+
+export type BetterAuthCookie = { name: string; attributes: CookieOptions };
+
+export type BetterAuthCookies = {
+	sessionToken: BetterAuthCookie;
+	sessionData: BetterAuthCookie;
+	accountData: BetterAuthCookie;
+	dontRememberToken: BetterAuthCookie;
+};

package/template/apps/web/node_modules/@better-auth/core/src/types/helper.ts

@@ -0,0 +1,27 @@
+export type Primitive =
+	| string
+	| number
+	| symbol
+	| bigint
+	| boolean
+	| null
+	| undefined;
+
+export type Awaitable<T> = T | Promise<T>;
+export type AwaitableFunction<T> = T | (() => Awaitable<T>);
+export type LiteralString = "" | (string & Record<never, never>);
+export type LiteralUnion<LiteralType, BaseType extends Primitive> =
+	| LiteralType
+	| (BaseType & Record<never, never>);
+
+export type Prettify<T> = {
+	[K in keyof T]: T[K];
+} & {};
+
+export type UnionToIntersection<U> = (
+	U extends any
+		? (k: U) => void
+		: never
+) extends (k: infer I) => void
+	? I
+	: never;