create-croissant 0.1.7 → 0.1.9

package/template/apps/web/node_modules/@better-auth/core/dist/social-providers/linear.d.mts

@@ -1,68 +0,0 @@
-import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-//#region src/social-providers/linear.d.ts
-interface LinearUser {
-  id: string;
-  name: string;
-  email: string;
-  avatarUrl?: string | undefined;
-  active: boolean;
-  createdAt: string;
-  updatedAt: string;
-}
-interface LinearProfile {
-  data: {
-    viewer: LinearUser;
-  };
-}
-interface LinearOptions extends ProviderOptions<LinearUser> {
-  clientId: string;
-}
-declare const linear: (options: LinearOptions) => {
-  id: "linear";
-  name: string;
-  createAuthorizationURL({
-    state,
-    scopes,
-    loginHint,
-    redirectURI
-  }: {
-    state: string;
-    codeVerifier: string;
-    scopes?: string[] | undefined;
-    redirectURI: string;
-    display?: string | undefined;
-    loginHint?: string | undefined;
-  }): Promise<URL>;
-  validateAuthorizationCode: ({
-    code,
-    redirectURI
-  }: {
-    code: string;
-    redirectURI: string;
-    codeVerifier?: string | undefined;
-    deviceId?: string | undefined;
-  }) => Promise<OAuth2Tokens>;
-  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
-  getUserInfo(token: OAuth2Tokens & {
-    user?: {
-      name?: {
-        firstName?: string;
-        lastName?: string;
-      };
-      email?: string;
-    } | undefined;
-  }): Promise<{
-    user: {
-      id: string;
-      name?: string;
-      email?: string | null;
-      image?: string;
-      emailVerified: boolean;
-      [key: string]: any;
-    };
-    data: any;
-  } | null>;
-  options: LinearOptions;
-};
-//#endregion
-export { LinearOptions, LinearProfile, LinearUser, linear };

package/template/apps/web/node_modules/@better-auth/core/dist/social-providers/linear.mjs

@@ -1,85 +0,0 @@
-import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
-import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
-import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
-import { betterFetch } from "@better-fetch/fetch";
-//#region src/social-providers/linear.ts
-const linear = (options) => {
-	const tokenEndpoint = "https://api.linear.app/oauth/token";
-	return {
-		id: "linear",
-		name: "Linear",
-		createAuthorizationURL({ state, scopes, loginHint, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["read"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "linear",
-				options,
-				authorizationEndpoint: "https://linear.app/oauth/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				loginHint
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.linear.app/graphql", {
-				method: "POST",
-				headers: {
-					"Content-Type": "application/json",
-					Authorization: `Bearer ${token.accessToken}`
-				},
-				body: JSON.stringify({ query: `
-							query {
-								viewer {
-									id
-									name
-									email
-									avatarUrl
-									active
-									createdAt
-									updatedAt
-								}
-							}
-						` })
-			});
-			if (error || !profile?.data?.viewer) return null;
-			const userData = profile.data.viewer;
-			const userMap = await options.mapProfileToUser?.(userData);
-			return {
-				user: {
-					id: profile.data.viewer.id,
-					name: profile.data.viewer.name,
-					email: profile.data.viewer.email,
-					image: profile.data.viewer.avatarUrl,
-					emailVerified: false,
-					...userMap
-				},
-				data: userData
-			};
-		},
-		options
-	};
-};
-//#endregion
-export { linear };

package/template/apps/web/node_modules/@better-auth/core/dist/social-providers/linkedin.d.mts

@@ -1,67 +0,0 @@
-import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-//#region src/social-providers/linkedin.d.ts
-interface LinkedInProfile {
-  sub: string;
-  name: string;
-  given_name: string;
-  family_name: string;
-  picture: string;
-  locale: {
-    country: string;
-    language: string;
-  };
-  email: string;
-  email_verified: boolean;
-}
-interface LinkedInOptions extends ProviderOptions<LinkedInProfile> {
-  clientId: string;
-}
-declare const linkedin: (options: LinkedInOptions) => {
-  id: "linkedin";
-  name: string;
-  createAuthorizationURL: ({
-    state,
-    scopes,
-    redirectURI,
-    loginHint
-  }: {
-    state: string;
-    codeVerifier: string;
-    scopes?: string[] | undefined;
-    redirectURI: string;
-    display?: string | undefined;
-    loginHint?: string | undefined;
-  }) => Promise<URL>;
-  validateAuthorizationCode: ({
-    code,
-    redirectURI
-  }: {
-    code: string;
-    redirectURI: string;
-    codeVerifier?: string | undefined;
-    deviceId?: string | undefined;
-  }) => Promise<OAuth2Tokens>;
-  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
-  getUserInfo(token: OAuth2Tokens & {
-    user?: {
-      name?: {
-        firstName?: string;
-        lastName?: string;
-      };
-      email?: string;
-    } | undefined;
-  }): Promise<{
-    user: {
-      id: string;
-      name?: string;
-      email?: string | null;
-      image?: string;
-      emailVerified: boolean;
-      [key: string]: any;
-    };
-    data: any;
-  } | null>;
-  options: LinkedInOptions;
-};
-//#endregion
-export { LinkedInOptions, LinkedInProfile, linkedin };

package/template/apps/web/node_modules/@better-auth/core/dist/social-providers/linkedin.mjs

@@ -1,73 +0,0 @@
-import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
-import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
-import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
-import { betterFetch } from "@better-fetch/fetch";
-//#region src/social-providers/linkedin.ts
-const linkedin = (options) => {
-	const authorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
-	const tokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
-	return {
-		id: "linkedin",
-		name: "Linkedin",
-		createAuthorizationURL: async ({ state, scopes, redirectURI, loginHint }) => {
-			const _scopes = options.disableDefaultScope ? [] : [
-				"profile",
-				"email",
-				"openid"
-			];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return await createAuthorizationURL({
-				id: "linkedin",
-				options,
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				loginHint,
-				redirectURI
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return await validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientKey: options.clientKey,
-					clientSecret: options.clientSecret
-				},
-				tokenEndpoint
-			});
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			const { data: profile, error } = await betterFetch("https://api.linkedin.com/v2/userinfo", {
-				method: "GET",
-				headers: { Authorization: `Bearer ${token.accessToken}` }
-			});
-			if (error) return null;
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.sub,
-					name: profile.name,
-					email: profile.email,
-					emailVerified: profile.email_verified || false,
-					image: profile.picture,
-					...userMap
-				},
-				data: profile
-			};
-		},
-		options
-	};
-};
-//#endregion
-export { linkedin };

package/template/apps/web/node_modules/@better-auth/core/dist/social-providers/microsoft-entra-id.d.mts

@@ -1,174 +0,0 @@
-import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-//#region src/social-providers/microsoft-entra-id.d.ts
-/**
- * @see [Microsoft Identity Platform - Optional claims reference](https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims-reference)
- */
-interface MicrosoftEntraIDProfile extends Record<string, any> {
-  /** Identifies the intended recipient of the token */
-  aud: string;
-  /** Identifies the issuer, or "authorization server" that constructs and returns the token */
-  iss: string;
-  /** Indicates when the authentication for the token occurred */
-  iat: Date;
-  /** Records the identity provider that authenticated the subject of the token */
-  idp: string;
-  /** Identifies the time before which the JWT can't be accepted for processing */
-  nbf: Date;
-  /** Identifies the expiration time on or after which the JWT can't be accepted for processing */
-  exp: Date;
-  /** Code hash included in ID tokens when issued with an OAuth 2.0 authorization code */
-  c_hash: string;
-  /** Access token hash included in ID tokens when issued with an OAuth 2.0 access token */
-  at_hash: string;
-  /** Internal claim used to record data for token reuse */
-  aio: string;
-  /** The primary username that represents the user */
-  preferred_username: string;
-  /** User's email address */
-  email: string;
-  /** Human-readable value that identifies the subject of the token */
-  name: string;
-  /** Matches the parameter included in the original authorize request */
-  nonce: string;
-  /** User's profile picture */
-  picture: string;
-  /** Immutable identifier for the user account */
-  oid: string;
-  /** Set of roles assigned to the user */
-  roles: string[];
-  /** Internal claim used to revalidate tokens */
-  rh: string;
-  /** Subject identifier - unique to application ID */
-  sub: string;
-  /** Tenant ID the user is signing in to */
-  tid: string;
-  /** Unique identifier for a session */
-  sid: string;
-  /** Token identifier claim */
-  uti: string;
-  /** Indicates if user is in at least one group */
-  hasgroups: boolean;
-  /** User account status in tenant (0 = member, 1 = guest) */
-  acct: 0 | 1;
-  /** Auth Context IDs */
-  acrs: string;
-  /** Time when the user last authenticated */
-  auth_time: Date;
-  /** User's country/region */
-  ctry: string;
-  /** IP address of requesting client when inside VNET */
-  fwd: string;
-  /** Group claims */
-  groups: string;
-  /** Login hint for SSO */
-  login_hint: string;
-  /** Resource tenant's country/region */
-  tenant_ctry: string;
-  /** Region of the resource tenant */
-  tenant_region_scope: string;
-  /** UserPrincipalName */
-  upn: string;
-  /** User's verified primary email addresses */
-  verified_primary_email: string[];
-  /** User's verified secondary email addresses */
-  verified_secondary_email: string[];
-  /** Whether the user's email is verified (optional claim, must be configured in app registration) */
-  email_verified?: boolean | undefined;
-  /** VNET specifier information */
-  vnet: string;
-  /** Client Capabilities */
-  xms_cc: string;
-  /** Whether user's email domain is verified */
-  xms_edov: boolean;
-  /** Preferred data location for Multi-Geo tenants */
-  xms_pdl: string;
-  /** User preferred language */
-  xms_pl: string;
-  /** Tenant preferred language */
-  xms_tpl: string;
-  /** Zero-touch Deployment ID */
-  ztdid: string;
-  /** IP Address */
-  ipaddr: string;
-  /** On-premises Security Identifier */
-  onprem_sid: string;
-  /** Password Expiration Time */
-  pwd_exp: number;
-  /** Change Password URL */
-  pwd_url: string;
-  /** Inside Corporate Network flag */
-  in_corp: string;
-  /** User's family name/surname */
-  family_name: string;
-  /** User's given/first name */
-  given_name: string;
-}
-interface MicrosoftOptions extends ProviderOptions<MicrosoftEntraIDProfile> {
-  clientId: string | string[];
-  /**
-   * The tenant ID of the Microsoft account
-   * @default "common"
-   */
-  tenantId?: string | undefined;
-  /**
-   * The authentication authority URL. Use the default "https://login.microsoftonline.com" for standard Entra ID or "https://<tenant-id>.ciamlogin.com" for CIAM scenarios.
-   * @default "https://login.microsoftonline.com"
-   */
-  authority?: string | undefined;
-  /**
-   * The size of the profile photo
-   * @default 48
-   */
-  profilePhotoSize?: (48 | 64 | 96 | 120 | 240 | 360 | 432 | 504 | 648) | undefined;
-  /**
-   * Disable profile photo
-   */
-  disableProfilePhoto?: boolean | undefined;
-}
-declare const microsoft: (options: MicrosoftOptions) => {
-  id: "microsoft";
-  name: string;
-  createAuthorizationURL(data: {
-    state: string;
-    codeVerifier: string;
-    scopes?: string[] | undefined;
-    redirectURI: string;
-    display?: string | undefined;
-    loginHint?: string | undefined;
-  }): Promise<URL>;
-  validateAuthorizationCode({
-    code,
-    codeVerifier,
-    redirectURI
-  }: {
-    code: string;
-    redirectURI: string;
-    codeVerifier?: string | undefined;
-    deviceId?: string | undefined;
-  }): Promise<OAuth2Tokens>;
-  verifyIdToken(token: string, nonce: string | undefined): Promise<boolean>;
-  getUserInfo(token: OAuth2Tokens & {
-    user?: {
-      name?: {
-        firstName?: string;
-        lastName? /** The primary username that represents the user */: string;
-      };
-      email?: string;
-    } | undefined;
-  }): Promise<{
-    user: {
-      id: string;
-      name?: string;
-      email?: string | null;
-      image?: string;
-      emailVerified: boolean;
-      [key: string]: any;
-    };
-    data: any;
-  } | null>;
-  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
-  options: MicrosoftOptions;
-};
-declare const getMicrosoftPublicKey: (kid: string, tenant: string, authority: string) => Promise<Uint8Array<ArrayBufferLike> | CryptoKey>;
-//#endregion
-export { MicrosoftEntraIDProfile, MicrosoftOptions, getMicrosoftPublicKey, microsoft };

package/template/apps/web/node_modules/@better-auth/core/dist/social-providers/microsoft-entra-id.mjs

@@ -1,140 +0,0 @@
-import { APIError, BetterAuthError } from "../error/index.mjs";
-import { logger } from "../env/logger.mjs";
-import { getPrimaryClientId } from "../oauth2/utils.mjs";
-import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
-import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
-import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
-import { base64 } from "@better-auth/utils/base64";
-import { betterFetch } from "@better-fetch/fetch";
-import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
-//#region src/social-providers/microsoft-entra-id.ts
-const microsoft = (options) => {
-	const tenant = options.tenantId || "common";
-	const authority = options.authority || "https://login.microsoftonline.com";
-	const authorizationEndpoint = `${authority}/${tenant}/oauth2/v2.0/authorize`;
-	const tokenEndpoint = `${authority}/${tenant}/oauth2/v2.0/token`;
-	return {
-		id: "microsoft",
-		name: "Microsoft EntraID",
-		createAuthorizationURL(data) {
-			if (!getPrimaryClientId(options.clientId)) {
-				logger.error("Client Id is required for Microsoft Entra ID. Make sure to provide it in the options.");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			const scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email",
-				"User.Read",
-				"offline_access"
-			];
-			if (options.scope) scopes.push(...options.scope);
-			if (data.scopes) scopes.push(...data.scopes);
-			return createAuthorizationURL({
-				id: "microsoft",
-				options,
-				authorizationEndpoint,
-				state: data.state,
-				codeVerifier: data.codeVerifier,
-				scopes,
-				redirectURI: data.redirectURI,
-				prompt: options.prompt,
-				loginHint: data.loginHint
-			});
-		},
-		validateAuthorizationCode({ code, codeVerifier, redirectURI }) {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint
-			});
-		},
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) return false;
-			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			try {
-				const { kid, alg: jwtAlg } = decodeProtectedHeader(token);
-				if (!kid || !jwtAlg) return false;
-				const publicKey = await getMicrosoftPublicKey(kid, tenant, authority);
-				const verifyOptions = {
-					algorithms: [jwtAlg],
-					audience: options.clientId,
-					maxTokenAge: "1h"
-				};
-				/**
-				* Issuer varies per user's tenant for multi-tenant endpoints, so only validate for specific tenants.
-				* @see https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols#endpoints
-				*/
-				if (tenant !== "common" && tenant !== "organizations" && tenant !== "consumers") verifyOptions.issuer = `${authority}/${tenant}/v2.0`;
-				const { payload: jwtClaims } = await jwtVerify(token, publicKey, verifyOptions);
-				if (nonce && jwtClaims.nonce !== nonce) return false;
-				return true;
-			} catch (error) {
-				logger.error("Failed to verify ID token:", error);
-				return false;
-			}
-		},
-		async getUserInfo(token) {
-			if (options.getUserInfo) return options.getUserInfo(token);
-			if (!token.idToken) return null;
-			const user = decodeJwt(token.idToken);
-			const profilePhotoSize = options.profilePhotoSize || 48;
-			await betterFetch(`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`, {
-				headers: { Authorization: `Bearer ${token.accessToken}` },
-				async onResponse(context) {
-					if (options.disableProfilePhoto || !context.response.ok) return;
-					try {
-						const pictureBuffer = await context.response.clone().arrayBuffer();
-						user.picture = `data:image/jpeg;base64, ${base64.encode(pictureBuffer)}`;
-					} catch (e) {
-						logger.error(e && typeof e === "object" && "name" in e ? e.name : "", e);
-					}
-				}
-			});
-			const userMap = await options.mapProfileToUser?.(user);
-			const emailVerified = user.email_verified !== void 0 ? user.email_verified : user.email && (user.verified_primary_email?.includes(user.email) || user.verified_secondary_email?.includes(user.email)) ? true : false;
-			return {
-				user: {
-					id: user.sub,
-					name: user.name,
-					email: user.email,
-					image: user.picture,
-					emailVerified,
-					...userMap
-				},
-				data: user
-			};
-		},
-		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
-			const scopes = options.disableDefaultScope ? [] : [
-				"openid",
-				"profile",
-				"email",
-				"User.Read",
-				"offline_access"
-			];
-			if (options.scope) scopes.push(...options.scope);
-			return refreshAccessToken({
-				refreshToken,
-				options: {
-					clientId: options.clientId,
-					clientSecret: options.clientSecret
-				},
-				extraParams: { scope: scopes.join(" ") },
-				tokenEndpoint
-			});
-		},
-		options
-	};
-};
-const getMicrosoftPublicKey = async (kid, tenant, authority) => {
-	const { data } = await betterFetch(`${authority}/${tenant}/discovery/v2.0/keys`);
-	if (!data?.keys) throw new APIError("BAD_REQUEST", { message: "Keys not found" });
-	const jwk = data.keys.find((key) => key.kid === kid);
-	if (!jwk) throw new Error(`JWK with kid ${kid} not found`);
-	return await importJWK(jwk, jwk.alg);
-};
-//#endregion
-export { getMicrosoftPublicKey, microsoft };

package/template/apps/web/node_modules/@better-auth/core/dist/social-providers/naver.d.mts

@@ -1,92 +0,0 @@
-import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
-//#region src/social-providers/naver.d.ts
-interface NaverProfile {
-  /** API response result code */
-  resultcode: string;
-  /** API response message */
-  message: string;
-  response: {
-    /** Unique Naver user identifier */id: string; /** User nickname */
-    nickname: string; /** User real name */
-    name: string; /** User email address */
-    email: string; /** Gender (F: female, M: male, U: unknown) */
-    gender: string; /** Age range */
-    age: string; /** Birthday (MM-DD format) */
-    birthday: string; /** Birth year */
-    birthyear: string; /** Profile image URL */
-    profile_image: string; /** Mobile phone number */
-    mobile: string;
-  };
-}
-interface NaverOptions extends ProviderOptions<NaverProfile> {
-  clientId: string;
-}
-declare const naver: (options: NaverOptions) => {
-  id: "naver";
-  name: string;
-  createAuthorizationURL({
-    state,
-    scopes,
-    redirectURI
-  }: {
-    state: string;
-    codeVerifier: string;
-    scopes?: string[] | undefined;
-    redirectURI: string;
-    display?: string | undefined;
-    loginHint?: string | undefined;
-  }): Promise<URL>;
-  validateAuthorizationCode: ({
-    code,
-    redirectURI
-  }: {
-    code: string;
-    redirectURI: string;
-    codeVerifier?: string | undefined;
-    deviceId?: string | undefined;
-  }) => Promise<OAuth2Tokens>;
-  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
-  getUserInfo(token: OAuth2Tokens & {
-    user?: {
-      name?: {
-        firstName?: string;
-        lastName?: string;
-      };
-      email?: string;
-    } | undefined;
-  }): Promise<{
-    user: {
-      id: string;
-      name?: string;
-      email?: string | null;
-      image?: string;
-      emailVerified: boolean;
-      [key: string]: any;
-    };
-    data: any;
-  } | {
-    user: {
-      id: string;
-      name: string;
-      email: string;
-      image: string;
-      emailVerified: boolean;
-    } | {
-      id: string;
-      name: string;
-      email: string | null;
-      image: string;
-      emailVerified: boolean;
-    } | {
-      id: string;
-      name: string;
-      email: string | null;
-      image: string;
-      emailVerified: boolean;
-    };
-    data: NaverProfile;
-  } | null>;
-  options: NaverOptions;
-};
-//#endregion
-export { NaverOptions, NaverProfile, naver };