create-croissant 0.1.7 → 0.1.9

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/paypal.ts

@@ -1,263 +0,0 @@
-import { base64 } from "@better-auth/utils/base64";
-import { betterFetch } from "@better-fetch/fetch";
-import { decodeJwt } from "jose";
-import { logger } from "../env";
-import { BetterAuthError } from "../error";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import { createAuthorizationURL } from "../oauth2";
-
-export interface PayPalProfile {
-	user_id: string;
-	name: string;
-	given_name: string;
-	family_name: string;
-	middle_name?: string | undefined;
-	picture?: string | undefined;
-	email: string;
-	email_verified: boolean;
-	gender?: string | undefined;
-	birthdate?: string | undefined;
-	zoneinfo?: string | undefined;
-	locale?: string | undefined;
-	phone_number?: string | undefined;
-	address?:
-		| {
-				street_address?: string;
-				locality?: string;
-				region?: string;
-				postal_code?: string;
-				country?: string;
-		  }
-		| undefined;
-	verified_account?: boolean | undefined;
-	account_type?: string | undefined;
-	age_range?: string | undefined;
-	payer_id?: string | undefined;
-}
-
-export interface PayPalTokenResponse {
-	scope?: string | undefined;
-	access_token: string;
-	refresh_token?: string | undefined;
-	token_type: "Bearer";
-	id_token?: string | undefined;
-	expires_in: number;
-	nonce?: string | undefined;
-}
-
-export interface PayPalOptions extends ProviderOptions<PayPalProfile> {
-	clientId: string;
-	/**
-	 * PayPal environment - 'sandbox' for testing, 'live' for production
-	 * @default 'sandbox'
-	 */
-	environment?: ("sandbox" | "live") | undefined;
-	/**
-	 * Whether to request shipping address information
-	 * @default false
-	 */
-	requestShippingAddress?: boolean | undefined;
-}
-
-export const paypal = (options: PayPalOptions) => {
-	const environment = options.environment || "sandbox";
-	const isSandbox = environment === "sandbox";
-
-	const authorizationEndpoint = isSandbox
-		? "https://www.sandbox.paypal.com/signin/authorize"
-		: "https://www.paypal.com/signin/authorize";
-
-	const tokenEndpoint = isSandbox
-		? "https://api-m.sandbox.paypal.com/v1/oauth2/token"
-		: "https://api-m.paypal.com/v1/oauth2/token";
-
-	const userInfoEndpoint = isSandbox
-		? "https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo"
-		: "https://api-m.paypal.com/v1/identity/oauth2/userinfo";
-
-	return {
-		id: "paypal",
-		name: "PayPal",
-		async createAuthorizationURL({ state, codeVerifier, redirectURI }) {
-			if (!options.clientId || !options.clientSecret) {
-				logger.error(
-					"Client Id and Client Secret is required for PayPal. Make sure to provide them in the options.",
-				);
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-
-			/**
-			 * Log in with PayPal doesn't use traditional OAuth2 scopes
-			 * Instead, permissions are configured in the PayPal Developer Dashboard
-			 * We don't pass any scopes to avoid "invalid scope" errors
-			 **/
-
-			const _scopes: string[] = [];
-
-			const url = await createAuthorizationURL({
-				id: "paypal",
-				options,
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				prompt: options.prompt,
-			});
-			return url;
-		},
-
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			/**
-			 * PayPal requires Basic Auth for token exchange
-			 **/
-
-			const credentials = base64.encode(
-				`${options.clientId}:${options.clientSecret}`,
-			);
-
-			try {
-				const response = await betterFetch(tokenEndpoint, {
-					method: "POST",
-					headers: {
-						Authorization: `Basic ${credentials}`,
-						Accept: "application/json",
-						"Accept-Language": "en_US",
-						"Content-Type": "application/x-www-form-urlencoded",
-					},
-					body: new URLSearchParams({
-						grant_type: "authorization_code",
-						code: code,
-						redirect_uri: redirectURI,
-					}).toString(),
-				});
-
-				if (!response.data) {
-					throw new BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
-				}
-
-				const data = response.data as PayPalTokenResponse;
-
-				const result = {
-					accessToken: data.access_token,
-					refreshToken: data.refresh_token,
-					accessTokenExpiresAt: data.expires_in
-						? new Date(Date.now() + data.expires_in * 1000)
-						: undefined,
-					idToken: data.id_token,
-				};
-
-				return result;
-			} catch (error) {
-				logger.error("PayPal token exchange failed:", error);
-				throw new BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");
-			}
-		},
-
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					const credentials = base64.encode(
-						`${options.clientId}:${options.clientSecret}`,
-					);
-
-					try {
-						const response = await betterFetch(tokenEndpoint, {
-							method: "POST",
-							headers: {
-								Authorization: `Basic ${credentials}`,
-								Accept: "application/json",
-								"Accept-Language": "en_US",
-								"Content-Type": "application/x-www-form-urlencoded",
-							},
-							body: new URLSearchParams({
-								grant_type: "refresh_token",
-								refresh_token: refreshToken,
-							}).toString(),
-						});
-
-						if (!response.data) {
-							throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
-						}
-
-						const data = response.data as any;
-						return {
-							accessToken: data.access_token,
-							refreshToken: data.refresh_token,
-							accessTokenExpiresAt: data.expires_in
-								? new Date(Date.now() + data.expires_in * 1000)
-								: undefined,
-						};
-					} catch (error) {
-						logger.error("PayPal token refresh failed:", error);
-						throw new BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");
-					}
-				},
-
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) {
-				return false;
-			}
-			if (options.verifyIdToken) {
-				return options.verifyIdToken(token, nonce);
-			}
-			try {
-				const payload = decodeJwt(token);
-				return !!payload.sub;
-			} catch (error) {
-				logger.error("Failed to verify PayPal ID token:", error);
-				return false;
-			}
-		},
-
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-
-			if (!token.accessToken) {
-				logger.error("Access token is required to fetch PayPal user info");
-				return null;
-			}
-
-			try {
-				const response = await betterFetch<PayPalProfile>(
-					`${userInfoEndpoint}?schema=paypalv1.1`,
-					{
-						headers: {
-							Authorization: `Bearer ${token.accessToken}`,
-							Accept: "application/json",
-						},
-					},
-				);
-
-				if (!response.data) {
-					logger.error("Failed to fetch user info from PayPal");
-					return null;
-				}
-
-				const userInfo = response.data;
-				const userMap = await options.mapProfileToUser?.(userInfo);
-
-				const result = {
-					user: {
-						id: userInfo.user_id,
-						name: userInfo.name,
-						email: userInfo.email,
-						image: userInfo.picture,
-						emailVerified: userInfo.email_verified,
-						...userMap,
-					},
-					data: userInfo,
-				};
-
-				return result;
-			} catch (error) {
-				logger.error("Failed to fetch user info from PayPal:", error);
-				return null;
-			}
-		},
-
-		options,
-	} satisfies OAuthProvider<PayPalProfile>;
-};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/polar.ts

@@ -1,111 +0,0 @@
-import { betterFetch } from "@better-fetch/fetch";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import {
-	createAuthorizationURL,
-	refreshAccessToken,
-	validateAuthorizationCode,
-} from "../oauth2";
-
-export interface PolarProfile {
-	id: string;
-	email: string;
-	username: string;
-	avatar_url: string;
-	github_username?: string | undefined;
-	account_id?: string | undefined;
-	public_name?: string | undefined;
-	email_verified?: boolean | undefined;
-	profile_settings?:
-		| {
-				profile_settings_enabled?: boolean;
-				profile_settings_public_name?: string;
-				profile_settings_public_avatar?: string;
-				profile_settings_public_bio?: string;
-				profile_settings_public_location?: string;
-				profile_settings_public_website?: string;
-				profile_settings_public_twitter?: string;
-				profile_settings_public_github?: string;
-				profile_settings_public_email?: string;
-		  }
-		| undefined;
-}
-
-export interface PolarOptions extends ProviderOptions<PolarProfile> {}
-
-export const polar = (options: PolarOptions) => {
-	const tokenEndpoint = "https://api.polar.sh/v1/oauth2/token";
-	return {
-		id: "polar",
-		name: "Polar",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope
-				? []
-				: ["openid", "profile", "email"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "polar",
-				options,
-				authorizationEndpoint: "https://polar.sh/oauth2/authorize",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				prompt: options.prompt,
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint,
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					return refreshAccessToken({
-						refreshToken,
-						options: {
-							clientId: options.clientId,
-							clientKey: options.clientKey,
-							clientSecret: options.clientSecret,
-						},
-						tokenEndpoint,
-					});
-				},
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-			const { data: profile, error } = await betterFetch<PolarProfile>(
-				"https://api.polar.sh/v1/oauth2/userinfo",
-				{
-					headers: {
-						Authorization: `Bearer ${token.accessToken}`,
-					},
-				},
-			);
-			if (error) {
-				return null;
-			}
-			const userMap = await options.mapProfileToUser?.(profile);
-			// Polar may provide email_verified claim, but it's not guaranteed.
-			// We check for it first, then default to false for security consistency.
-			return {
-				user: {
-					id: profile.id,
-					name: profile.public_name || profile.username || "",
-					email: profile.email,
-					image: profile.avatar_url,
-					emailVerified: profile.email_verified ?? false,
-					...userMap,
-				},
-				data: profile,
-			};
-		},
-		options,
-	} satisfies OAuthProvider<PolarProfile>;
-};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/railway.ts

@@ -1,100 +0,0 @@
-import { betterFetch } from "@better-fetch/fetch";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import {
-	createAuthorizationURL,
-	refreshAccessToken,
-	validateAuthorizationCode,
-} from "../oauth2";
-
-const authorizationEndpoint = "https://backboard.railway.com/oauth/auth";
-const tokenEndpoint = "https://backboard.railway.com/oauth/token";
-const userinfoEndpoint = "https://backboard.railway.com/oauth/me";
-
-export interface RailwayProfile {
-	/** The user's unique ID (OAuth `sub` claim). */
-	sub: string;
-	/** The user's email address. */
-	email: string;
-	/** The user's display name. */
-	name: string;
-	/** URL of the user's profile picture. */
-	picture: string;
-}
-
-export interface RailwayOptions extends ProviderOptions<RailwayProfile> {
-	clientId: string;
-}
-
-export const railway = (options: RailwayOptions) => {
-	return {
-		id: "railway",
-		name: "Railway",
-		createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			const _scopes = options.disableDefaultScope
-				? []
-				: ["openid", "email", "profile"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "railway",
-				options,
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint,
-				authentication: "basic",
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					return refreshAccessToken({
-						refreshToken,
-						options: {
-							clientId: options.clientId,
-							clientKey: options.clientKey,
-							clientSecret: options.clientSecret,
-						},
-						tokenEndpoint,
-						authentication: "basic",
-					});
-				},
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-			const { data: profile, error } = await betterFetch<RailwayProfile>(
-				userinfoEndpoint,
-				{ headers: { authorization: `Bearer ${token.accessToken}` } },
-			);
-			if (error || !profile) {
-				return null;
-			}
-			const userMap = await options.mapProfileToUser?.(profile);
-			// Railway does not provide an email_verified claim.
-			// We default to false for security consistency.
-			return {
-				user: {
-					id: profile.sub,
-					name: profile.name,
-					email: profile.email,
-					image: profile.picture,
-					emailVerified: false,
-					...userMap,
-				},
-				data: profile,
-			};
-		},
-		options,
-	} satisfies OAuthProvider<RailwayProfile>;
-};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/reddit.ts

@@ -1,122 +0,0 @@
-import { base64 } from "@better-auth/utils/base64";
-import { betterFetch } from "@better-fetch/fetch";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import {
-	createAuthorizationURL,
-	getOAuth2Tokens,
-	refreshAccessToken,
-} from "../oauth2";
-
-export interface RedditProfile {
-	id: string;
-	name: string;
-	icon_img: string | null;
-	has_verified_email: boolean;
-	oauth_client_id: string;
-	verified: boolean;
-}
-
-export interface RedditOptions extends ProviderOptions<RedditProfile> {
-	clientId: string;
-	duration?: string | undefined;
-}
-
-export const reddit = (options: RedditOptions) => {
-	return {
-		id: "reddit",
-		name: "Reddit",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["identity"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return createAuthorizationURL({
-				id: "reddit",
-				options,
-				authorizationEndpoint: "https://www.reddit.com/api/v1/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				duration: options.duration,
-			});
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			const body = new URLSearchParams({
-				grant_type: "authorization_code",
-				code,
-				redirect_uri: options.redirectURI || redirectURI,
-			});
-			const headers = {
-				"content-type": "application/x-www-form-urlencoded",
-				accept: "text/plain",
-				"user-agent": "better-auth",
-				Authorization: `Basic ${base64.encode(
-					`${options.clientId}:${options.clientSecret}`,
-				)}`,
-			};
-
-			const { data, error } = await betterFetch<object>(
-				"https://www.reddit.com/api/v1/access_token",
-				{
-					method: "POST",
-					headers,
-					body: body.toString(),
-				},
-			);
-
-			if (error) {
-				throw error;
-			}
-
-			return getOAuth2Tokens(data);
-		},
-
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					return refreshAccessToken({
-						refreshToken,
-						options: {
-							clientId: options.clientId,
-							clientKey: options.clientKey,
-							clientSecret: options.clientSecret,
-						},
-						authentication: "basic",
-						tokenEndpoint: "https://www.reddit.com/api/v1/access_token",
-					});
-				},
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-
-			const { data: profile, error } = await betterFetch<RedditProfile>(
-				"https://oauth.reddit.com/api/v1/me",
-				{
-					headers: {
-						Authorization: `Bearer ${token.accessToken}`,
-						"User-Agent": "better-auth",
-					},
-				},
-			);
-
-			if (error) {
-				return null;
-			}
-
-			const userMap = await options.mapProfileToUser?.(profile);
-
-			return {
-				user: {
-					id: profile.id,
-					name: profile.name,
-					email: profile.oauth_client_id,
-					emailVerified: profile.has_verified_email,
-					image: profile.icon_img?.split("?")[0]!,
-					...userMap,
-				},
-				data: profile,
-			};
-		},
-		options,
-	} satisfies OAuthProvider<RedditProfile>;
-};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/roblox.ts

@@ -1,112 +0,0 @@
-import { betterFetch } from "@better-fetch/fetch";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import { refreshAccessToken, validateAuthorizationCode } from "../oauth2";
-
-export interface RobloxProfile extends Record<string, any> {
-	/** the user's id */
-	sub: string;
-	/** the user's username */
-	preferred_username: string;
-	/** the user's display name, will return the same value as the preferred_username if not set */
-	nickname: string;
-	/** the user's display name, again, will return the same value as the preferred_username if not set */
-	name: string;
-	/** the account creation date as a unix timestamp in seconds */
-	created_at: number;
-	/** the user's profile URL */
-	profile: string;
-	/** the user's avatar URL */
-	picture: string;
-}
-
-export interface RobloxOptions extends ProviderOptions<RobloxProfile> {
-	clientId: string;
-	prompt?:
-		| (
-				| "none"
-				| "consent"
-				| "login"
-				| "select_account"
-				| "select_account consent"
-		  )
-		| undefined;
-}
-
-export const roblox = (options: RobloxOptions) => {
-	const tokenEndpoint = "https://apis.roblox.com/oauth/v1/token";
-	return {
-		id: "roblox",
-		name: "Roblox",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["openid", "profile"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			return new URL(
-				`https://apis.roblox.com/oauth/v1/authorize?scope=${_scopes.join(
-					"+",
-				)}&response_type=code&client_id=${
-					options.clientId
-				}&redirect_uri=${encodeURIComponent(
-					options.redirectURI || redirectURI,
-				)}&state=${state}&prompt=${options.prompt || "select_account consent"}`,
-			);
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI: options.redirectURI || redirectURI,
-				options,
-				tokenEndpoint,
-				authentication: "post",
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					return refreshAccessToken({
-						refreshToken,
-						options: {
-							clientId: options.clientId,
-							clientKey: options.clientKey,
-							clientSecret: options.clientSecret,
-						},
-						tokenEndpoint,
-					});
-				},
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-			const { data: profile, error } = await betterFetch<RobloxProfile>(
-				"https://apis.roblox.com/oauth/v1/userinfo",
-				{
-					headers: {
-						authorization: `Bearer ${token.accessToken}`,
-					},
-				},
-			);
-
-			if (error) {
-				return null;
-			}
-
-			const userMap = await options.mapProfileToUser?.(profile);
-			// Roblox does not provide email or email_verified claim.
-			// We default to false for security consistency.
-			return {
-				user: {
-					id: profile.sub,
-					name: profile.nickname || profile.preferred_username || "",
-					image: profile.picture,
-					email: profile.preferred_username || null, // Roblox does not provide email
-					emailVerified: false,
-					...userMap,
-				},
-				data: {
-					...profile,
-				},
-			};
-		},
-		options,
-	} satisfies OAuthProvider<RobloxProfile>;
-};