hylekit 1.0.5 → 1.0.6

package/dist/index.cjs

@@ -276,10 +276,7 @@ function createNextJsServer(auth, db) {
      * Next.js route handler for auth routes.
      * Place this in `app/api/auth/[...auth]/route.ts`
      */
-    handler: {
-      GET: handler,
-      POST: handler
-    },
+    handler,
     /**
      * Get session from current request headers.
      * Use in Server Components or Route Handlers.

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/lib/auth.ts","../src/lib/schema.ts","../src/lib/db.ts","../src/server/sveltekit.ts","../src/server/nextjs.ts","../src/bff/client.ts","../src/bff/nextjs.ts","../src/bff/sveltekit.ts","../src/server/express.ts"],"sourcesContent":["// Core factory functions\nimport { createAuth, type HyleAuthConfig } from \"./lib/auth\";\nimport { createDb, type HyleDbConfig } from \"./lib/db\";\nimport * as schema from \"./lib/schema\";\n\n// Framework adapters (server-only)\nimport { createSvelteKitServer } from \"./server/sveltekit\";\nimport { createNextJsServer } from \"./server/nextjs\";\nimport { createNextJsBff, createSvelteKitBff } from \"./bff/index\";\nimport {\n    expressAdapter,\n    createExpressMiddleware,\n    middleware as expressMiddleware,\n    isAuthenticated,\n    getAuthContext,\n} from \"./server/express\";\n\n// Export types\nexport type {\n    SessionResult,\n    SessionData,\n    UserInfo,\n    Session,\n    User,\n} from \"./client/types\";\n\nexport type { BffClientConfig, RequestOptions } from \"./bff/types\";\n\nexport type {\n    AuthenticatedRequest,\n    MiddlewareOptions,\n} from \"./server/express\";\n\nexport type { HyleAuthConfig, HyleDbConfig };\n\n// Core exports - factory functions for creating db and auth\nexport { createDb, createAuth };\n\n// Schema exports\nexport { user, session, account, verification } from \"./lib/schema\";\nexport { schema };\n\n// Server adapters (factory functions)\nexport { createSvelteKitServer, createNextJsServer };\n\n// Express adapter\nexport { expressAdapter as express };\nexport { createExpressMiddleware, expressMiddleware, isAuthenticated, getAuthContext };\n\n// BFF exports\nexport { createNextJsBff, createSvelteKitBff };\n\n// Namespace exports\nconst bff = {\n    createNextJsBff,\n    createSvelteKitBff\n};\nexport { bff };\n\n// Default export\nconst hyle = {\n    createDb,\n    createAuth,\n    schema,\n    server: {\n        createSvelteKitServer,\n        createNextJsServer,\n        express: expressAdapter\n    },\n    bff\n};\n\nexport default hyle;","import \"server-only\";\nimport { betterAuth } from \"better-auth\";\nimport { drizzleAdapter } from \"better-auth/adapters/drizzle\";\nimport * as schema from \"./schema\";\n\n/**\n * Configuration for Hyle authentication.\n */\nexport interface HyleAuthConfig {\n    /** Base URL for the auth server (e.g., \"https://myapp.com\") */\n    baseURL: string;\n    /** Secret key for signing sessions and tokens */\n    secret: string;\n    /** List of trusted origins for CORS (optional) */\n    trustedOrigins?: string[];\n    /** Google OAuth configuration (optional) */\n    google?: {\n        clientId: string;\n        clientSecret: string;\n    };\n    /** Session configuration (optional, uses sensible defaults) */\n    session?: {\n        /** Session expiry in seconds (default: 7 days) */\n        expiresIn?: number;\n        /** Session update interval in seconds (default: 24 hours) */\n        updateAge?: number;\n        /** Cookie cache settings */\n        cookieCache?: {\n            enabled?: boolean;\n            maxAge?: number;\n        };\n    };\n}\n\n/**\n * Throws an error if called on the client side.\n * This prevents accidental exposure of secrets in browser bundles.\n */\nfunction assertServerOnly(configName: string): void {\n    if (typeof window !== 'undefined') {\n        throw new Error(\n            `[hylekit] SECURITY ERROR: \"${configName}\" contains secrets and must not be used on the client side. ` +\n            `Only call ${configName}() in server-side code (e.g., API routes, server components, +page.server.ts).`\n        );\n    }\n}\n\n// Type for the database created by createDb\ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle<typeof schema>>;\n\n/**\n * Creates a BetterAuth instance with the provided configuration.\n * \n * @param db - Database instance created by createDb()\n * @param config - Authentication configuration\n * @returns A BetterAuth instance\n * \n * @example\n * ```typescript\n * // In your server-side code (e.g., lib/auth.ts)\n * import { createDb, createAuth } from \"hylekit\";\n * \n * const db = createDb({\n *     url: process.env.HYLE_DATABASE_URL!,\n *     authToken: process.env.HYLE_DATABASE_AUTH_TOKEN,\n * });\n * \n * export const auth = createAuth(db, {\n *     baseURL: process.env.BETTER_AUTH_URL!,\n *     secret: process.env.BETTER_AUTH_SECRET!,\n *     google: {\n *         clientId: process.env.GOOGLE_CLIENT_ID!,\n *         clientSecret: process.env.GOOGLE_CLIENT_SECRET!,\n *     },\n * });\n * ```\n * \n * @throws Error if called on the client side\n */\nexport function createAuth(db: HyleDb, config: HyleAuthConfig) {\n    assertServerOnly('createAuth');\n\n    const sessionConfig = {\n        expiresIn: config.session?.expiresIn ?? 60 * 60 * 24 * 7, // 7 days\n        updateAge: config.session?.updateAge ?? 60 * 60 * 24, // 24 hours\n        cookieCache: {\n            enabled: config.session?.cookieCache?.enabled ?? true,\n            maxAge: config.session?.cookieCache?.maxAge ?? 60 * 5, // 5 minutes\n        },\n    };\n\n    return betterAuth({\n        database: drizzleAdapter(db, {\n            provider: \"sqlite\",\n            schema: {\n                ...schema\n            }\n        }),\n        baseURL: config.baseURL,\n        secret: config.secret,\n        trustedOrigins: config.trustedOrigins,\n        socialProviders: config.google ? {\n            google: {\n                clientId: config.google.clientId,\n                clientSecret: config.google.clientSecret,\n            },\n        } : undefined,\n        session: sessionConfig,\n    });\n}\n\nexport { schema };\n","import { relations, sql } from \"drizzle-orm\";\nimport { sqliteTable, text, integer, index } from \"drizzle-orm/sqlite-core\";\n\nexport const user = sqliteTable(\"user\", {\n  id: text(\"id\").primaryKey(),\n  name: text(\"name\").notNull(),\n  email: text(\"email\").notNull().unique(),\n  emailVerified: integer(\"email_verified\", { mode: \"boolean\" })\n    .default(false)\n    .notNull(),\n  image: text(\"image\"),\n  createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n    .notNull(),\n  updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n    .$onUpdate(() => /* @__PURE__ */ new Date())\n    .notNull(),\n});\n\nexport const session = sqliteTable(\n  \"session\",\n  {\n    id: text(\"id\").primaryKey(),\n    expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n    token: text(\"token\").notNull().unique(),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n    ipAddress: text(\"ip_address\"),\n    userAgent: text(\"user_agent\"),\n    userId: text(\"user_id\")\n      .notNull()\n      .references(() => user.id, { onDelete: \"cascade\" }),\n  },\n  (table) => [index(\"session_userId_idx\").on(table.userId)],\n);\n\nexport const account = sqliteTable(\n  \"account\",\n  {\n    id: text(\"id\").primaryKey(),\n    accountId: text(\"account_id\").notNull(),\n    providerId: text(\"provider_id\").notNull(),\n    userId: text(\"user_id\")\n      .notNull()\n      .references(() => user.id, { onDelete: \"cascade\" }),\n    accessToken: text(\"access_token\"),\n    refreshToken: text(\"refresh_token\"),\n    idToken: text(\"id_token\"),\n    accessTokenExpiresAt: integer(\"access_token_expires_at\", {\n      mode: \"timestamp_ms\",\n    }),\n    refreshTokenExpiresAt: integer(\"refresh_token_expires_at\", {\n      mode: \"timestamp_ms\",\n    }),\n    scope: text(\"scope\"),\n    password: text(\"password\"),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n  },\n  (table) => [index(\"account_userId_idx\").on(table.userId)],\n);\n\nexport const verification = sqliteTable(\n  \"verification\",\n  {\n    id: text(\"id\").primaryKey(),\n    identifier: text(\"identifier\").notNull(),\n    value: text(\"value\").notNull(),\n    expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n  },\n  (table) => [index(\"verification_identifier_idx\").on(table.identifier)],\n);\n\nexport const userRelations = relations(user, ({ many }) => ({\n  sessions: many(session),\n  accounts: many(account),\n}));\n\nexport const sessionRelations = relations(session, ({ one }) => ({\n  user: one(user, {\n    fields: [session.userId],\n    references: [user.id],\n  }),\n}));\n\nexport const accountRelations = relations(account, ({ one }) => ({\n  user: one(user, {\n    fields: [account.userId],\n    references: [user.id],\n  }),\n}));\n","import \"server-only\";\nimport { drizzle } from \"drizzle-orm/libsql\";\nimport { createClient } from \"@libsql/client\";\nimport * as schema from \"./schema\";\n\n/**\n * Configuration for the Hyle database connection.\n */\nexport interface HyleDbConfig {\n    /** Turso/LibSQL database URL */\n    url: string;\n    /** Authentication token for the database (required for remote Turso databases) */\n    authToken?: string;\n}\n\n/**\n * Throws an error if called on the client side.\n * This prevents accidental exposure of secrets in browser bundles.\n */\nfunction assertServerOnly(configName: string): void {\n    if (typeof window !== 'undefined') {\n        throw new Error(\n            `[hylekit] SECURITY ERROR: \"${configName}\" contains secrets and must not be used on the client side. ` +\n            `Only call ${configName}() in server-side code (e.g., API routes, server components, +page.server.ts).`\n        );\n    }\n}\n\n/**\n * Creates a database connection with the provided configuration.\n * \n * @param config - Database configuration\n * @returns A Drizzle database instance\n * \n * @example\n * ```typescript\n * // In your server-side code (e.g., lib/db.ts)\n * import { createDb } from \"hylekit\";\n * \n * export const db = createDb({\n *     url: process.env.HYLE_DATABASE_URL!,\n *     authToken: process.env.HYLE_DATABASE_AUTH_TOKEN,\n * });\n * ```\n * \n * @throws Error if called on the client side\n */\nexport function createDb(config: HyleDbConfig) {\n    assertServerOnly('createDb');\n\n    const client = createClient({\n        url: config.url,\n        authToken: config.authToken,\n    });\n\n    return drizzle(client, { schema });\n}\n\nexport { schema };\n","import \"server-only\";\nimport { toSvelteKitHandler } from \"better-auth/svelte-kit\";\nimport type { Handle, RequestEvent } from \"@sveltejs/kit\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates SvelteKit server-side auth utilities.\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for SvelteKit\n * \n * @example\n * ```typescript\n * // In src/lib/server/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createSvelteKitServer } from \"hylekit/sveltekit\";\n * \n * const db = createDb({ url: env.HYLE_DATABASE_URL, authToken: env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: env.PUBLIC_APP_URL, secret: env.BETTER_AUTH_SECRET, ... });\n * \n * export const { handler, getSession, isAuthenticated, createHandle, makeAuthenticatedCall } = createSvelteKitServer(auth, db);\n * ```\n */\nexport function createSvelteKitServer(auth: HyleAuth, db: HyleDb) {\n    const handler = toSvelteKitHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * SvelteKit request handler for auth routes.\n         * Place this in `src/routes/api/auth/[...auth]/+server.ts`\n         */\n        handler: {\n            GET: handler,\n            POST: handler,\n        },\n\n        /**\n         * Creates a SvelteKit handle hook for session management.\n         */\n        createHandle: (): Handle => {\n            return async ({ event, resolve }) => {\n                const session = await auth.api.getSession({\n                    headers: event.request.headers,\n                });\n\n                // Set on locals - consumer must extend App.Locals type\n                (event.locals as Record<string, unknown>).session = session;\n                (event.locals as Record<string, unknown>).user = session?.user ?? null;\n\n                return resolve(event);\n            };\n        },\n\n        /**\n         * Get session from request event.\n         */\n        getSession: async (event: RequestEvent): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: event.request.headers,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         */\n        isAuthenticated: async (event: RequestEvent): Promise<boolean> => {\n            const session = await auth.api.getSession({\n                headers: event.request.headers,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db; event: RequestEvent }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (event: RequestEvent, ...args: TArgs): Promise<TReturn> => {\n                const session = await auth.api.getSession({\n                    headers: event.request.headers,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db, event }, ...args);\n            }\n        }\n    };\n}\n","import \"server-only\";\nimport { toNextJsHandler } from \"better-auth/next-js\";\nimport { headers } from \"next/headers\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates Next.js server-side auth utilities (App Router).\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for Next.js\n * \n * @example\n * ```typescript\n * // In lib/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createNextJsServer } from \"hylekit/nextjs\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: process.env.BETTER_AUTH_URL!, secret: process.env.BETTER_AUTH_SECRET!, ... });\n * \n * export const { handler, getSession, isAuthenticated, getUser, makeAuthenticatedCall } = createNextJsServer(auth, db);\n * ```\n */\nexport function createNextJsServer(auth: HyleAuth, db: HyleDb) {\n    const handler = toNextJsHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * Next.js route handler for auth routes.\n         * Place this in `app/api/auth/[...auth]/route.ts`\n         */\n        handler: {\n            GET: handler,\n            POST: handler,\n        },\n\n        /**\n         * Get session from current request headers.\n         * Use in Server Components or Route Handlers.\n         */\n        getSession: async (): Promise<SessionResult> => {\n            const requestHeaders = await headers();\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Get session from specific headers.\n         * Use when you have direct access to headers.\n         */\n        getSessionFromHeaders: async (requestHeaders: Headers): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         * Use in Server Components.\n         */\n        isAuthenticated: async (): Promise<boolean> => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Get the current user or null.\n         * Convenience method for Server Components.\n         */\n        getUser: async () => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session?.user ?? null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (...args: TArgs): Promise<TReturn> => {\n                const requestHeaders = await headers();\n                const session = await auth.api.getSession({\n                    headers: requestHeaders,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db }, ...args);\n            }\n        }\n    };\n}\n","import type { BffClientConfig, FetchMethod, RequestOptions } from \"./types\";\n\n/**\n * Base client logic.\n */\nexport class BffClientBase {\n    constructor(private config: BffClientConfig) {}\n\n    protected async request<T>(\n        path: string,\n        method: FetchMethod,\n        options: RequestOptions = {}\n    ): Promise<T> {\n        const url = new URL(path, this.config.baseUrl);\n        \n        if (options.query) {\n            Object.entries(options.query).forEach(([key, value]) => {\n                if (value !== undefined) {\n                    url.searchParams.append(key, String(value));\n                }\n            });\n        }\n\n        const headers = new Headers(options.headers || {});\n        \n        // Add default headers\n        if (this.config.headers) {\n            Object.entries(this.config.headers).forEach(([key, value]) => {\n                if (!headers.has(key)) {\n                    headers.set(key, value);\n                }\n            });\n        }\n\n        // Set Content-Type if body is present and not FormData\n        if (options.body && !(options.body instanceof FormData) && !headers.has(\"Content-Type\")) {\n            headers.set(\"Content-Type\", \"application/json\");\n        }\n\n        const response = await fetch(url.toString(), {\n            ...options,\n            method,\n            headers,\n        });\n\n        if (!response.ok) {\n            throw new Error(`BFF Request Failed: ${response.status} ${response.statusText}`);\n        }\n\n        // Retrieve the Content-Type header to check if the response is JSON\n        const contentType = response.headers.get(\"content-type\");\n        if (contentType && contentType.includes(\"application/json\")) {\n            return response.json() as Promise<T>;\n        }\n        \n        return response.text() as unknown as Promise<T>;\n    }\n}\n","import { BffClientBase } from \"./client\";\nimport type { BffClientConfig, RequestOptions } from \"./types\";\nimport { headers } from \"next/headers\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n\n/**\n * Next.js BFF Client that requires an auth instance.\n */\nexport class NextJsBffClient extends BffClientBase {\n    private auth: HyleAuth;\n\n    constructor(auth: HyleAuth, config: BffClientConfig) {\n        super(config);\n        this.auth = auth;\n    }\n\n    private async getAuthHeaders(): Promise<Record<string, string>> {\n        try {\n            const requestHeaders = await headers();\n            const sessionData = await this.auth.api.getSession({\n                headers: requestHeaders\n            });\n\n            if (!sessionData) return {};\n\n            return {\n                \"x-hyle-user\": Buffer.from(JSON.stringify(sessionData.user)).toString(\"base64\"),\n                \"x-hyle-session\": Buffer.from(JSON.stringify(sessionData.session)).toString(\"base64\")\n            };\n        } catch (e) {\n            // Context where headers() is not available (e.g. static generation)\n            return {};\n        }\n    }\n\n    async get<T>(path: string, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"GET\", {\n            ...options,\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async post<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"POST\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async put<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"PUT\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async patch<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"PATCH\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async delete<T>(path: string, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"DELETE\", {\n            ...options,\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n}\n\n/**\n * Creates a Next.js BFF client for making authenticated requests to your Express API.\n * \n * @param auth - Auth instance created by createAuth()\n * @param baseUrlOrConfig - Base URL string or full config object\n * \n * @example\n * ```typescript\n * // In lib/bff.ts\n * import { createDb, createAuth, createNextJsBff } from \"hylekit\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { ... });\n * \n * export const bff = createNextJsBff(auth, process.env.EXPRESS_API_URL!);\n * \n * // Usage in server components\n * const data = await bff.get(\"/api/data\");\n * ```\n */\nexport const createNextJsBff = (auth: HyleAuth, baseUrlOrConfig: string | BffClientConfig) => {\n    const config = typeof baseUrlOrConfig === \"string\"\n        ? { baseUrl: baseUrlOrConfig }\n        : baseUrlOrConfig;\n    return new NextJsBffClient(auth, config);\n};\n","import { BffClientBase } from \"./client\";\nimport type { BffClientConfig, RequestOptions } from \"./types\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\n\nexport class SvelteKitBffClient extends BffClientBase {\n    constructor(config: BffClientConfig) {\n        super(config);\n    }\n\n    /**\n     * Creates a request context bound to a specific SvelteKit event.\n     * This is necessary because SvelteKit doesn't have global request storage.\n     */\n    with(event: RequestEvent) {\n        // Extract token from locals if available (set by our handle hook)\n        // or try to get it from session.\n        const sessionData = (event.locals as any).session;\n        let authHeaders: Record<string, string> = {};\n\n        if (sessionData?.user && sessionData?.session) {\n            authHeaders = {\n                \"x-hyle-user\": Buffer.from(JSON.stringify(sessionData.user)).toString(\"base64\"),\n                \"x-hyle-session\": Buffer.from(JSON.stringify(sessionData.session)).toString(\"base64\")\n            };\n        }\n\n        return {\n            get: <T>(path: string, options?: RequestOptions) => \n                this.request<T>(path, \"GET\", {\n                    ...options,\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n            \n            post: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"POST\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            put: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"PUT\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            patch: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"PATCH\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            delete: <T>(path: string, options?: RequestOptions) => \n                this.request<T>(path, \"DELETE\", {\n                    ...options,\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n        };\n    }\n}\n\nexport const createSvelteKitBff = (baseUrlOrConfig: string | BffClientConfig) => {\n    const config = typeof baseUrlOrConfig === \"string\" \n        ? { baseUrl: baseUrlOrConfig } \n        : baseUrlOrConfig;\n    return new SvelteKitBffClient(config);\n};\n","import type { Request, Response, NextFunction } from \"express\";\nimport type { Session, User } from \"better-auth\";\nimport { session as sessionTable, user as userTable } from \"../lib/schema\";\nimport { eq, and, gt } from \"drizzle-orm\";\n\n/**\n * Extended Request with authenticated user context.\n */\nexport interface AuthenticatedRequest extends Request {\n  /**\n   * The authenticated user. Available on all authenticated routes.\n   */\n  authUser: User;\n\n  /**\n   * The current session. Available on all authenticated routes.\n   */\n  authSession: Session;\n\n  /**\n   * @deprecated Use authUser instead\n   */\n  user?: User;\n\n  /**\n   * @deprecated Use authSession instead\n   */\n  session?: Session;\n}\n\nexport interface MiddlewareOptions {\n  /**\n   * Routes that don't require authentication.\n   * Supports exact paths and patterns with wildcards.\n   * @example [\"/health\", \"/public/*\", \"/api/webhooks/*\"]\n   */\n  unauthenticatedRoutes?: string[];\n\n  /**\n   * If true, verify session against the database.\n   * Use for service-to-service calls where headers can't be implicitly trusted.\n   * @default false\n   */\n  verifySession?: boolean;\n\n  /**\n   * Whether to require authentication for non-unauthenticated routes.\n   * Returns 401 on missing/invalid session.\n   * @default true\n   */\n  required?: boolean;\n}\n\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Check if a path matches any of the unauthenticated route patterns.\n */\nfunction isUnauthenticatedRoute(path: string, patterns: string[]): boolean {\n  for (const pattern of patterns) {\n    if (pattern === path) return true;\n\n    // Handle wildcard patterns like \"/public/*\"\n    if (pattern.endsWith(\"/*\")) {\n      const prefix = pattern.slice(0, -2);\n      if (path === prefix || path.startsWith(prefix + \"/\")) {\n        return true;\n      }\n    }\n\n    // Handle double wildcard patterns like \"/api/**/health\"\n    if (pattern.includes(\"**\")) {\n      const regex = new RegExp(\n        \"^\" + pattern.replace(/\\*\\*/g, \".*\").replace(/\\*/g, \"[^/]*\") + \"$\"\n      );\n      if (regex.test(path)) return true;\n    }\n  }\n  return false;\n}\n\n/**\n * Creates Express middleware for session verification.\n * \n * @param db - Database instance created by createDb() (optional, required if using verifySession)\n * \n * @example\n * // Basic usage - trust headers from BFF (no db needed)\n * app.use(createExpressMiddleware()());\n * \n * @example\n * // With DB verification for service-to-service calls\n * import { createDb } from \"hylekit\";\n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * app.use(createExpressMiddleware(db)({ verifySession: true }));\n * \n * @example\n * // With unauthenticated routes\n * app.use(createExpressMiddleware(db)({\n *   unauthenticatedRoutes: [\"/health\", \"/public/*\", \"/api/webhooks/*\"],\n *   verifySession: true\n * }));\n */\nexport const createExpressMiddleware = (db?: HyleDb) => {\n  return (options: MiddlewareOptions = {}) => {\n    const {\n      unauthenticatedRoutes = [],\n      verifySession = false,\n      required = true\n    } = options;\n\n    if (verifySession && !db) {\n      throw new Error(\n        \"[hylekit] CONFIGURATION ERROR: verifySession requires a database instance. \" +\n        \"Pass a db instance to createExpressMiddleware(db).\"\n      );\n    }\n\n    return async (req: Request, res: Response, next: NextFunction) => {\n      const authReq = req as AuthenticatedRequest;\n\n      // Check if route is unauthenticated\n      if (isUnauthenticatedRoute(req.path, unauthenticatedRoutes)) {\n        return next();\n      }\n\n      try {\n        const userHeader = req.headers[\"x-hyle-user\"];\n        const sessionHeader = req.headers[\"x-hyle-session\"];\n\n        // No session header provided\n        if (!sessionHeader || typeof sessionHeader !== \"string\") {\n          if (required) {\n            return res.status(401).json({ error: \"Unauthorized\" });\n          }\n          return next();\n        }\n\n        const sessionData = JSON.parse(\n          Buffer.from(sessionHeader, \"base64\").toString(\"utf-8\")\n        );\n\n        // Verify session against DB if required\n        if (verifySession && db) {\n          const result = await db\n            .select({\n              session: sessionTable,\n              user: userTable,\n            })\n            .from(sessionTable)\n            .innerJoin(userTable, eq(sessionTable.userId, userTable.id))\n            .where(\n              and(\n                eq(sessionTable.id, sessionData.id),\n                gt(sessionTable.expiresAt, new Date())\n              )\n            )\n            .limit(1);\n\n          if (result.length === 0) {\n            if (required) {\n              return res.status(401).json({ error: \"Invalid or expired session\" });\n            }\n            return next();\n          }\n\n          // Inject auth context\n          authReq.authUser = result[0].user as User;\n          authReq.authSession = result[0].session as Session;\n\n          // Keep deprecated properties for backwards compatibility\n          authReq.user = authReq.authUser;\n          authReq.session = authReq.authSession;\n\n          return next();\n        }\n\n        // Trust headers mode (for internal BFF calls)\n        let userData: User | undefined;\n\n        if (userHeader && typeof userHeader === \"string\") {\n          userData = JSON.parse(\n            Buffer.from(userHeader, \"base64\").toString(\"utf-8\")\n          );\n        }\n\n        if (!userData && required) {\n          return res.status(401).json({ error: \"Unauthorized\" });\n        }\n\n        if (userData) {\n          // Inject auth context\n          authReq.authUser = userData;\n          authReq.authSession = sessionData as Session;\n\n          // Keep deprecated properties for backwards compatibility\n          authReq.user = authReq.authUser;\n          authReq.session = authReq.authSession;\n        }\n\n        next();\n      } catch (error) {\n        console.error(\"[hyle] Auth middleware error:\", error);\n        if (required) {\n          return res.status(401).json({ error: \"Authentication failed\" });\n        }\n        next();\n      }\n    };\n  };\n};\n\n/**\n * @deprecated Use createExpressMiddleware(db) instead. This export will be removed in a future version.\n */\nexport const middleware = createExpressMiddleware();\n\n/**\n * Type guard to check if request is authenticated.\n */\nexport function isAuthenticated(req: Request): req is AuthenticatedRequest {\n  return !!(req as AuthenticatedRequest).authUser;\n}\n\n/**\n * Helper to get auth context from request.\n * Throws if not authenticated.\n */\nexport function getAuthContext(req: Request): { user: User; session: Session } {\n  const authReq = req as AuthenticatedRequest;\n  if (!authReq.authUser || !authReq.authSession) {\n    throw new Error(\"Request is not authenticated\");\n  }\n  return { user: authReq.authUser, session: authReq.authSession };\n}\n\n/**\n * Express adapter exports\n */\nexport const expressAdapter = {\n  createMiddleware: createExpressMiddleware,\n  /** @deprecated Use createMiddleware instead */\n  middleware,\n  isAuthenticated,\n  getAuthContext,\n};\n\n// Default export for convenience\nexport default expressAdapter;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,yBAAO;AACP,yBAA2B;AAC3B,qBAA+B;;;ACF/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA+B;AAC/B,yBAAkD;AAE3C,IAAM,WAAO,gCAAY,QAAQ;AAAA,EACtC,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,EAC1B,UAAM,yBAAK,MAAM,EAAE,QAAQ;AAAA,EAC3B,WAAO,yBAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,EACtC,mBAAe,4BAAQ,kBAAkB,EAAE,MAAM,UAAU,CAAC,EACzD,QAAQ,KAAK,EACb,QAAQ;AAAA,EACX,WAAO,yBAAK,OAAO;AAAA,EACnB,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,EACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AACb,CAAC;AAEM,IAAM,cAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,WAAO,yBAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,IACtC,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,IACX,eAAW,yBAAK,YAAY;AAAA,IAC5B,eAAW,yBAAK,YAAY;AAAA,IAC5B,YAAQ,yBAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,EACtD;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,cAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,eAAW,yBAAK,YAAY,EAAE,QAAQ;AAAA,IACtC,gBAAY,yBAAK,aAAa,EAAE,QAAQ;AAAA,IACxC,YAAQ,yBAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IACpD,iBAAa,yBAAK,cAAc;AAAA,IAChC,kBAAc,yBAAK,eAAe;AAAA,IAClC,aAAS,yBAAK,UAAU;AAAA,IACxB,0BAAsB,4BAAQ,2BAA2B;AAAA,MACvD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,2BAAuB,4BAAQ,4BAA4B;AAAA,MACzD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,WAAO,yBAAK,OAAO;AAAA,IACnB,cAAU,yBAAK,UAAU;AAAA,IACzB,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,mBAAe;AAAA,EAC1B;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,gBAAY,yBAAK,YAAY,EAAE,QAAQ;AAAA,IACvC,WAAO,yBAAK,OAAO,EAAE,QAAQ;AAAA,IAC7B,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,6BAA6B,EAAE,GAAG,MAAM,UAAU,CAAC;AACvE;AAEO,IAAM,oBAAgB,8BAAU,MAAM,CAAC,EAAE,KAAK,OAAO;AAAA,EAC1D,UAAU,KAAK,OAAO;AAAA,EACtB,UAAU,KAAK,OAAO;AACxB,EAAE;AAEK,IAAM,uBAAmB,8BAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;AAEK,IAAM,uBAAmB,8BAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;;;ADpEF,SAAS,iBAAiB,YAA0B;AAChD,MAAI,OAAO,WAAW,aAAa;AAC/B,UAAM,IAAI;AAAA,MACN,8BAA8B,UAAU,yEAC3B,UAAU;AAAA,IAC3B;AAAA,EACJ;AACJ;AAkCO,SAAS,WAAW,IAAY,QAAwB;AAC3D,mBAAiB,YAAY;AAE7B,QAAM,gBAAgB;AAAA,IAClB,WAAW,OAAO,SAAS,aAAa,KAAK,KAAK,KAAK;AAAA;AAAA,IACvD,WAAW,OAAO,SAAS,aAAa,KAAK,KAAK;AAAA;AAAA,IAClD,aAAa;AAAA,MACT,SAAS,OAAO,SAAS,aAAa,WAAW;AAAA,MACjD,QAAQ,OAAO,SAAS,aAAa,UAAU,KAAK;AAAA;AAAA,IACxD;AAAA,EACJ;AAEA,aAAO,+BAAW;AAAA,IACd,cAAU,+BAAe,IAAI;AAAA,MACzB,UAAU;AAAA,MACV,QAAQ;AAAA,QACJ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,IACD,SAAS,OAAO;AAAA,IAChB,QAAQ,OAAO;AAAA,IACf,gBAAgB,OAAO;AAAA,IACvB,iBAAiB,OAAO,SAAS;AAAA,MAC7B,QAAQ;AAAA,QACJ,UAAU,OAAO,OAAO;AAAA,QACxB,cAAc,OAAO,OAAO;AAAA,MAChC;AAAA,IACJ,IAAI;AAAA,IACJ,SAAS;AAAA,EACb,CAAC;AACL;;;AE7GA,IAAAA,sBAAO;AACP,oBAAwB;AACxB,oBAA6B;AAiB7B,SAASC,kBAAiB,YAA0B;AAChD,MAAI,OAAO,WAAW,aAAa;AAC/B,UAAM,IAAI;AAAA,MACN,8BAA8B,UAAU,yEAC3B,UAAU;AAAA,IAC3B;AAAA,EACJ;AACJ;AAqBO,SAAS,SAAS,QAAsB;AAC3C,EAAAA,kBAAiB,UAAU;AAE3B,QAAM,aAAS,4BAAa;AAAA,IACxB,KAAK,OAAO;AAAA,IACZ,WAAW,OAAO;AAAA,EACtB,CAAC;AAED,aAAO,uBAAQ,QAAQ,EAAE,uBAAO,CAAC;AACrC;;;ACxDA,IAAAC,sBAAO;AACP,wBAAmC;AA4B5B,SAAS,sBAAsB,MAAgB,IAAY;AAC9D,QAAM,cAAU,sCAAmB,IAAI;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACL,KAAK;AAAA,MACL,MAAM;AAAA,IACV;AAAA;AAAA;AAAA;AAAA,IAKA,cAAc,MAAc;AACxB,aAAO,OAAO,EAAE,OAAO,QAAQ,MAAM;AACjC,cAAMC,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS,MAAM,QAAQ;AAAA,QAC3B,CAAC;AAGD,QAAC,MAAM,OAAmC,UAAUA;AACpD,QAAC,MAAM,OAAmC,OAAOA,UAAS,QAAQ;AAElE,eAAO,QAAQ,KAAK;AAAA,MACxB;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA,IAKA,YAAY,OAAO,UAAgD;AAC/D,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS,MAAM,QAAQ;AAAA,MAC3B,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA,IAKA,iBAAiB,OAAO,UAA0C;AAC9D,YAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS,MAAM,QAAQ;AAAA,MAC3B,CAAC;AACD,aAAOA,aAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,OAAO,UAAwB,SAAkC;AACpE,cAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS,MAAM,QAAQ;AAAA,QAC3B,CAAC;AACD,YAAI,CAACA,UAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAMA,SAAQ,MAAM,SAASA,SAAQ,SAAS,IAAI,MAAM,GAAG,GAAG,IAAI;AAAA,MAClF;AAAA,IACJ;AAAA,EACJ;AACJ;;;ACrGA,IAAAC,sBAAO;AACP,qBAAgC;AAChC,qBAAwB;AA2BjB,SAAS,mBAAmB,MAAgB,IAAY;AAC3D,QAAM,cAAU,gCAAgB,IAAI;AAEpC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACL,KAAK;AAAA,MACL,MAAM;AAAA,IACV;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,YAAY,YAAoC;AAC5C,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,OAAO,mBAAoD;AAC9E,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAiB,YAA8B;AAC3C,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,YAAMC,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAOA,aAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS,YAAY;AACjB,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,YAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAOA,UAAS,QAAQ;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,UAAU,SAAkC;AAC/C,cAAM,iBAAiB,UAAM,wBAAQ;AACrC,cAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS;AAAA,QACb,CAAC;AACD,YAAI,CAACA,UAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAMA,SAAQ,MAAM,SAASA,SAAQ,SAAS,GAAG,GAAG,GAAG,IAAI;AAAA,MAC3E;AAAA,IACJ;AAAA,EACJ;AACJ;;;AC1GO,IAAM,gBAAN,MAAoB;AAAA,EACvB,YAAoB,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAE9C,MAAgB,QACZ,MACA,QACA,UAA0B,CAAC,GACjB;AACV,UAAM,MAAM,IAAI,IAAI,MAAM,KAAK,OAAO,OAAO;AAE7C,QAAI,QAAQ,OAAO;AACf,aAAO,QAAQ,QAAQ,KAAK,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,UAAU,QAAW;AACrB,cAAI,aAAa,OAAO,KAAK,OAAO,KAAK,CAAC;AAAA,QAC9C;AAAA,MACJ,CAAC;AAAA,IACL;AAEA,UAAMC,WAAU,IAAI,QAAQ,QAAQ,WAAW,CAAC,CAAC;AAGjD,QAAI,KAAK,OAAO,SAAS;AACrB,aAAO,QAAQ,KAAK,OAAO,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC1D,YAAI,CAACA,SAAQ,IAAI,GAAG,GAAG;AACnB,UAAAA,SAAQ,IAAI,KAAK,KAAK;AAAA,QAC1B;AAAA,MACJ,CAAC;AAAA,IACL;AAGA,QAAI,QAAQ,QAAQ,EAAE,QAAQ,gBAAgB,aAAa,CAACA,SAAQ,IAAI,cAAc,GAAG;AACrF,MAAAA,SAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAClD;AAEA,UAAM,WAAW,MAAM,MAAM,IAAI,SAAS,GAAG;AAAA,MACzC,GAAG;AAAA,MACH;AAAA,MACA,SAAAA;AAAA,IACJ,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AACd,YAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,IACnF;AAGA,UAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,QAAI,eAAe,YAAY,SAAS,kBAAkB,GAAG;AACzD,aAAO,SAAS,KAAK;AAAA,IACzB;AAEA,WAAO,SAAS,KAAK;AAAA,EACzB;AACJ;;;ACvDA,IAAAC,kBAAwB;AAQjB,IAAM,kBAAN,cAA8B,cAAc;AAAA,EAG/C,YAAY,MAAgB,QAAyB;AACjD,UAAM,MAAM;AACZ,SAAK,OAAO;AAAA,EAChB;AAAA,EAEA,MAAc,iBAAkD;AAC5D,QAAI;AACA,YAAM,iBAAiB,UAAM,yBAAQ;AACrC,YAAM,cAAc,MAAM,KAAK,KAAK,IAAI,WAAW;AAAA,QAC/C,SAAS;AAAA,MACb,CAAC;AAED,UAAI,CAAC,YAAa,QAAO,CAAC;AAE1B,aAAO;AAAA,QACH,eAAe,OAAO,KAAK,KAAK,UAAU,YAAY,IAAI,CAAC,EAAE,SAAS,QAAQ;AAAA,QAC9E,kBAAkB,OAAO,KAAK,KAAK,UAAU,YAAY,OAAO,CAAC,EAAE,SAAS,QAAQ;AAAA,MACxF;AAAA,IACJ,SAAS,GAAG;AAER,aAAO,CAAC;AAAA,IACZ;AAAA,EACJ;AAAA,EAEA,MAAM,IAAO,MAAc,SAAsC;AAC7D,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,OAAO;AAAA,MAChC,GAAG;AAAA,MACH,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,KAAQ,MAAc,MAAY,SAAsC;AAC1E,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,QAAQ;AAAA,MACjC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,IAAO,MAAc,MAAY,SAAsC;AACzE,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,OAAO;AAAA,MAChC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,MAAS,MAAc,MAAY,SAAsC;AAC3E,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,SAAS;AAAA,MAClC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,OAAU,MAAc,SAAsC;AAChE,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,UAAU;AAAA,MACnC,GAAG;AAAA,MACH,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AACJ;AAsBO,IAAM,kBAAkB,CAAC,MAAgB,oBAA8C;AAC1F,QAAM,SAAS,OAAO,oBAAoB,WACpC,EAAE,SAAS,gBAAgB,IAC3B;AACN,SAAO,IAAI,gBAAgB,MAAM,MAAM;AAC3C;;;ACrHO,IAAM,qBAAN,cAAiC,cAAc;AAAA,EAClD,YAAY,QAAyB;AACjC,UAAM,MAAM;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,OAAqB;AAGtB,UAAM,cAAe,MAAM,OAAe;AAC1C,QAAI,cAAsC,CAAC;AAE3C,QAAI,aAAa,QAAQ,aAAa,SAAS;AAC3C,oBAAc;AAAA,QACV,eAAe,OAAO,KAAK,KAAK,UAAU,YAAY,IAAI,CAAC,EAAE,SAAS,QAAQ;AAAA,QAC9E,kBAAkB,OAAO,KAAK,KAAK,UAAU,YAAY,OAAO,CAAC,EAAE,SAAS,QAAQ;AAAA,MACxF;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,KAAK,CAAI,MAAc,YACnB,KAAK,QAAW,MAAM,OAAO;AAAA,QACzB,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,MAAM,CAAI,MAAc,MAAY,YAChC,KAAK,QAAW,MAAM,QAAQ;AAAA,QAC1B,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,KAAK,CAAI,MAAc,MAAY,YAC/B,KAAK,QAAW,MAAM,OAAO;AAAA,QACzB,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,OAAO,CAAI,MAAc,MAAY,YACjC,KAAK,QAAW,MAAM,SAAS;AAAA,QAC3B,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,QAAQ,CAAI,MAAc,YACtB,KAAK,QAAW,MAAM,UAAU;AAAA,QAC5B,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,IACT;AAAA,EACJ;AACJ;AAEO,IAAM,qBAAqB,CAAC,oBAA8C;AAC7E,QAAM,SAAS,OAAO,oBAAoB,WACpC,EAAE,SAAS,gBAAgB,IAC3B;AACN,SAAO,IAAI,mBAAmB,MAAM;AACxC;;;ACjEA,IAAAC,sBAA4B;AAwD5B,SAAS,uBAAuB,MAAc,UAA6B;AACzE,aAAW,WAAW,UAAU;AAC9B,QAAI,YAAY,KAAM,QAAO;AAG7B,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,SAAS,QAAQ,MAAM,GAAG,EAAE;AAClC,UAAI,SAAS,UAAU,KAAK,WAAW,SAAS,GAAG,GAAG;AACpD,eAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,QAAQ,IAAI;AAAA,QAChB,MAAM,QAAQ,QAAQ,SAAS,IAAI,EAAE,QAAQ,OAAO,OAAO,IAAI;AAAA,MACjE;AACA,UAAI,MAAM,KAAK,IAAI,EAAG,QAAO;AAAA,IAC/B;AAAA,EACF;AACA,SAAO;AACT;AAwBO,IAAM,0BAA0B,CAAC,OAAgB;AACtD,SAAO,CAAC,UAA6B,CAAC,MAAM;AAC1C,UAAM;AAAA,MACJ,wBAAwB,CAAC;AAAA,MACzB,gBAAgB;AAAA,MAChB,WAAW;AAAA,IACb,IAAI;AAEJ,QAAI,iBAAiB,CAAC,IAAI;AACxB,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,WAAO,OAAO,KAAc,KAAe,SAAuB;AAChE,YAAM,UAAU;AAGhB,UAAI,uBAAuB,IAAI,MAAM,qBAAqB,GAAG;AAC3D,eAAO,KAAK;AAAA,MACd;AAEA,UAAI;AACF,cAAM,aAAa,IAAI,QAAQ,aAAa;AAC5C,cAAM,gBAAgB,IAAI,QAAQ,gBAAgB;AAGlD,YAAI,CAAC,iBAAiB,OAAO,kBAAkB,UAAU;AACvD,cAAI,UAAU;AACZ,mBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,UACvD;AACA,iBAAO,KAAK;AAAA,QACd;AAEA,cAAM,cAAc,KAAK;AAAA,UACvB,OAAO,KAAK,eAAe,QAAQ,EAAE,SAAS,OAAO;AAAA,QACvD;AAGA,YAAI,iBAAiB,IAAI;AACvB,gBAAM,SAAS,MAAM,GAClB,OAAO;AAAA,YACN;AAAA,YACA;AAAA,UACF,CAAC,EACA,KAAK,OAAY,EACjB,UAAU,UAAW,wBAAG,QAAa,QAAQ,KAAU,EAAE,CAAC,EAC1D;AAAA,gBACC;AAAA,kBACE,wBAAG,QAAa,IAAI,YAAY,EAAE;AAAA,kBAClC,wBAAG,QAAa,WAAW,oBAAI,KAAK,CAAC;AAAA,YACvC;AAAA,UACF,EACC,MAAM,CAAC;AAEV,cAAI,OAAO,WAAW,GAAG;AACvB,gBAAI,UAAU;AACZ,qBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,YACrE;AACA,mBAAO,KAAK;AAAA,UACd;AAGA,kBAAQ,WAAW,OAAO,CAAC,EAAE;AAC7B,kBAAQ,cAAc,OAAO,CAAC,EAAE;AAGhC,kBAAQ,OAAO,QAAQ;AACvB,kBAAQ,UAAU,QAAQ;AAE1B,iBAAO,KAAK;AAAA,QACd;AAGA,YAAI;AAEJ,YAAI,cAAc,OAAO,eAAe,UAAU;AAChD,qBAAW,KAAK;AAAA,YACd,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,OAAO;AAAA,UACpD;AAAA,QACF;AAEA,YAAI,CAAC,YAAY,UAAU;AACzB,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,QACvD;AAEA,YAAI,UAAU;AAEZ,kBAAQ,WAAW;AACnB,kBAAQ,cAAc;AAGtB,kBAAQ,OAAO,QAAQ;AACvB,kBAAQ,UAAU,QAAQ;AAAA,QAC5B;AAEA,aAAK;AAAA,MACP,SAAS,OAAO;AACd,gBAAQ,MAAM,iCAAiC,KAAK;AACpD,YAAI,UAAU;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,wBAAwB,CAAC;AAAA,QAChE;AACA,aAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AACF;AAKO,IAAM,aAAa,wBAAwB;AAK3C,SAAS,gBAAgB,KAA2C;AACzE,SAAO,CAAC,CAAE,IAA6B;AACzC;AAMO,SAAS,eAAe,KAAgD;AAC7E,QAAM,UAAU;AAChB,MAAI,CAAC,QAAQ,YAAY,CAAC,QAAQ,aAAa;AAC7C,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACA,SAAO,EAAE,MAAM,QAAQ,UAAU,SAAS,QAAQ,YAAY;AAChE;AAKO,IAAM,iBAAiB;AAAA,EAC5B,kBAAkB;AAAA;AAAA,EAElB;AAAA,EACA;AAAA,EACA;AACF;;;ATjMA,IAAM,MAAM;AAAA,EACR;AAAA,EACA;AACJ;AAIA,IAAM,OAAO;AAAA,EACT;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,IACJ;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACb;AAAA,EACA;AACJ;AAEA,IAAO,cAAQ;","names":["import_server_only","assertServerOnly","import_server_only","session","import_server_only","session","headers","import_headers","import_drizzle_orm"]}
+{"version":3,"sources":["../src/index.ts","../src/lib/auth.ts","../src/lib/schema.ts","../src/lib/db.ts","../src/server/sveltekit.ts","../src/server/nextjs.ts","../src/bff/client.ts","../src/bff/nextjs.ts","../src/bff/sveltekit.ts","../src/server/express.ts"],"sourcesContent":["// Core factory functions\nimport { createAuth, type HyleAuthConfig } from \"./lib/auth\";\nimport { createDb, type HyleDbConfig } from \"./lib/db\";\nimport * as schema from \"./lib/schema\";\n\n// Framework adapters (server-only)\nimport { createSvelteKitServer } from \"./server/sveltekit\";\nimport { createNextJsServer } from \"./server/nextjs\";\nimport { createNextJsBff, createSvelteKitBff } from \"./bff/index\";\nimport {\n    expressAdapter,\n    createExpressMiddleware,\n    middleware as expressMiddleware,\n    isAuthenticated,\n    getAuthContext,\n} from \"./server/express\";\n\n// Export types\nexport type {\n    SessionResult,\n    SessionData,\n    UserInfo,\n    Session,\n    User,\n} from \"./client/types\";\n\nexport type { BffClientConfig, RequestOptions } from \"./bff/types\";\n\nexport type {\n    AuthenticatedRequest,\n    MiddlewareOptions,\n} from \"./server/express\";\n\nexport type { HyleAuthConfig, HyleDbConfig };\n\n// Core exports - factory functions for creating db and auth\nexport { createDb, createAuth };\n\n// Schema exports\nexport { user, session, account, verification } from \"./lib/schema\";\nexport { schema };\n\n// Server adapters (factory functions)\nexport { createSvelteKitServer, createNextJsServer };\n\n// Express adapter\nexport { expressAdapter as express };\nexport { createExpressMiddleware, expressMiddleware, isAuthenticated, getAuthContext };\n\n// BFF exports\nexport { createNextJsBff, createSvelteKitBff };\n\n// Namespace exports\nconst bff = {\n    createNextJsBff,\n    createSvelteKitBff\n};\nexport { bff };\n\n// Default export\nconst hyle = {\n    createDb,\n    createAuth,\n    schema,\n    server: {\n        createSvelteKitServer,\n        createNextJsServer,\n        express: expressAdapter\n    },\n    bff\n};\n\nexport default hyle;","import \"server-only\";\nimport { betterAuth } from \"better-auth\";\nimport { drizzleAdapter } from \"better-auth/adapters/drizzle\";\nimport * as schema from \"./schema\";\n\n/**\n * Configuration for Hyle authentication.\n */\nexport interface HyleAuthConfig {\n    /** Base URL for the auth server (e.g., \"https://myapp.com\") */\n    baseURL: string;\n    /** Secret key for signing sessions and tokens */\n    secret: string;\n    /** List of trusted origins for CORS (optional) */\n    trustedOrigins?: string[];\n    /** Google OAuth configuration (optional) */\n    google?: {\n        clientId: string;\n        clientSecret: string;\n    };\n    /** Session configuration (optional, uses sensible defaults) */\n    session?: {\n        /** Session expiry in seconds (default: 7 days) */\n        expiresIn?: number;\n        /** Session update interval in seconds (default: 24 hours) */\n        updateAge?: number;\n        /** Cookie cache settings */\n        cookieCache?: {\n            enabled?: boolean;\n            maxAge?: number;\n        };\n    };\n}\n\n/**\n * Throws an error if called on the client side.\n * This prevents accidental exposure of secrets in browser bundles.\n */\nfunction assertServerOnly(configName: string): void {\n    if (typeof window !== 'undefined') {\n        throw new Error(\n            `[hylekit] SECURITY ERROR: \"${configName}\" contains secrets and must not be used on the client side. ` +\n            `Only call ${configName}() in server-side code (e.g., API routes, server components, +page.server.ts).`\n        );\n    }\n}\n\n// Type for the database created by createDb\ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle<typeof schema>>;\n\n/**\n * Creates a BetterAuth instance with the provided configuration.\n * \n * @param db - Database instance created by createDb()\n * @param config - Authentication configuration\n * @returns A BetterAuth instance\n * \n * @example\n * ```typescript\n * // In your server-side code (e.g., lib/auth.ts)\n * import { createDb, createAuth } from \"hylekit\";\n * \n * const db = createDb({\n *     url: process.env.HYLE_DATABASE_URL!,\n *     authToken: process.env.HYLE_DATABASE_AUTH_TOKEN,\n * });\n * \n * export const auth = createAuth(db, {\n *     baseURL: process.env.BETTER_AUTH_URL!,\n *     secret: process.env.BETTER_AUTH_SECRET!,\n *     google: {\n *         clientId: process.env.GOOGLE_CLIENT_ID!,\n *         clientSecret: process.env.GOOGLE_CLIENT_SECRET!,\n *     },\n * });\n * ```\n * \n * @throws Error if called on the client side\n */\nexport function createAuth(db: HyleDb, config: HyleAuthConfig) {\n    assertServerOnly('createAuth');\n\n    const sessionConfig = {\n        expiresIn: config.session?.expiresIn ?? 60 * 60 * 24 * 7, // 7 days\n        updateAge: config.session?.updateAge ?? 60 * 60 * 24, // 24 hours\n        cookieCache: {\n            enabled: config.session?.cookieCache?.enabled ?? true,\n            maxAge: config.session?.cookieCache?.maxAge ?? 60 * 5, // 5 minutes\n        },\n    };\n\n    return betterAuth({\n        database: drizzleAdapter(db, {\n            provider: \"sqlite\",\n            schema: {\n                ...schema\n            }\n        }),\n        baseURL: config.baseURL,\n        secret: config.secret,\n        trustedOrigins: config.trustedOrigins,\n        socialProviders: config.google ? {\n            google: {\n                clientId: config.google.clientId,\n                clientSecret: config.google.clientSecret,\n            },\n        } : undefined,\n        session: sessionConfig,\n    });\n}\n\nexport { schema };\n","import { relations, sql } from \"drizzle-orm\";\nimport { sqliteTable, text, integer, index } from \"drizzle-orm/sqlite-core\";\n\nexport const user = sqliteTable(\"user\", {\n  id: text(\"id\").primaryKey(),\n  name: text(\"name\").notNull(),\n  email: text(\"email\").notNull().unique(),\n  emailVerified: integer(\"email_verified\", { mode: \"boolean\" })\n    .default(false)\n    .notNull(),\n  image: text(\"image\"),\n  createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n    .notNull(),\n  updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n    .$onUpdate(() => /* @__PURE__ */ new Date())\n    .notNull(),\n});\n\nexport const session = sqliteTable(\n  \"session\",\n  {\n    id: text(\"id\").primaryKey(),\n    expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n    token: text(\"token\").notNull().unique(),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n    ipAddress: text(\"ip_address\"),\n    userAgent: text(\"user_agent\"),\n    userId: text(\"user_id\")\n      .notNull()\n      .references(() => user.id, { onDelete: \"cascade\" }),\n  },\n  (table) => [index(\"session_userId_idx\").on(table.userId)],\n);\n\nexport const account = sqliteTable(\n  \"account\",\n  {\n    id: text(\"id\").primaryKey(),\n    accountId: text(\"account_id\").notNull(),\n    providerId: text(\"provider_id\").notNull(),\n    userId: text(\"user_id\")\n      .notNull()\n      .references(() => user.id, { onDelete: \"cascade\" }),\n    accessToken: text(\"access_token\"),\n    refreshToken: text(\"refresh_token\"),\n    idToken: text(\"id_token\"),\n    accessTokenExpiresAt: integer(\"access_token_expires_at\", {\n      mode: \"timestamp_ms\",\n    }),\n    refreshTokenExpiresAt: integer(\"refresh_token_expires_at\", {\n      mode: \"timestamp_ms\",\n    }),\n    scope: text(\"scope\"),\n    password: text(\"password\"),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n  },\n  (table) => [index(\"account_userId_idx\").on(table.userId)],\n);\n\nexport const verification = sqliteTable(\n  \"verification\",\n  {\n    id: text(\"id\").primaryKey(),\n    identifier: text(\"identifier\").notNull(),\n    value: text(\"value\").notNull(),\n    expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n  },\n  (table) => [index(\"verification_identifier_idx\").on(table.identifier)],\n);\n\nexport const userRelations = relations(user, ({ many }) => ({\n  sessions: many(session),\n  accounts: many(account),\n}));\n\nexport const sessionRelations = relations(session, ({ one }) => ({\n  user: one(user, {\n    fields: [session.userId],\n    references: [user.id],\n  }),\n}));\n\nexport const accountRelations = relations(account, ({ one }) => ({\n  user: one(user, {\n    fields: [account.userId],\n    references: [user.id],\n  }),\n}));\n","import \"server-only\";\nimport { drizzle } from \"drizzle-orm/libsql\";\nimport { createClient } from \"@libsql/client\";\nimport * as schema from \"./schema\";\n\n/**\n * Configuration for the Hyle database connection.\n */\nexport interface HyleDbConfig {\n    /** Turso/LibSQL database URL */\n    url: string;\n    /** Authentication token for the database (required for remote Turso databases) */\n    authToken?: string;\n}\n\n/**\n * Throws an error if called on the client side.\n * This prevents accidental exposure of secrets in browser bundles.\n */\nfunction assertServerOnly(configName: string): void {\n    if (typeof window !== 'undefined') {\n        throw new Error(\n            `[hylekit] SECURITY ERROR: \"${configName}\" contains secrets and must not be used on the client side. ` +\n            `Only call ${configName}() in server-side code (e.g., API routes, server components, +page.server.ts).`\n        );\n    }\n}\n\n/**\n * Creates a database connection with the provided configuration.\n * \n * @param config - Database configuration\n * @returns A Drizzle database instance\n * \n * @example\n * ```typescript\n * // In your server-side code (e.g., lib/db.ts)\n * import { createDb } from \"hylekit\";\n * \n * export const db = createDb({\n *     url: process.env.HYLE_DATABASE_URL!,\n *     authToken: process.env.HYLE_DATABASE_AUTH_TOKEN,\n * });\n * ```\n * \n * @throws Error if called on the client side\n */\nexport function createDb(config: HyleDbConfig) {\n    assertServerOnly('createDb');\n\n    const client = createClient({\n        url: config.url,\n        authToken: config.authToken,\n    });\n\n    return drizzle(client, { schema });\n}\n\nexport { schema };\n","import \"server-only\";\nimport { toSvelteKitHandler } from \"better-auth/svelte-kit\";\nimport type { Handle, RequestEvent } from \"@sveltejs/kit\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates SvelteKit server-side auth utilities.\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for SvelteKit\n * \n * @example\n * ```typescript\n * // In src/lib/server/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createSvelteKitServer } from \"hylekit/sveltekit\";\n * \n * const db = createDb({ url: env.HYLE_DATABASE_URL, authToken: env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: env.PUBLIC_APP_URL, secret: env.BETTER_AUTH_SECRET, ... });\n * \n * export const { handler, getSession, isAuthenticated, createHandle, makeAuthenticatedCall } = createSvelteKitServer(auth, db);\n * ```\n */\nexport function createSvelteKitServer(auth: HyleAuth, db: HyleDb) {\n    const handler = toSvelteKitHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * SvelteKit request handler for auth routes.\n         * Place this in `src/routes/api/auth/[...auth]/+server.ts`\n         */\n        handler: {\n            GET: handler,\n            POST: handler,\n        },\n\n        /**\n         * Creates a SvelteKit handle hook for session management.\n         */\n        createHandle: (): Handle => {\n            return async ({ event, resolve }) => {\n                const session = await auth.api.getSession({\n                    headers: event.request.headers,\n                });\n\n                // Set on locals - consumer must extend App.Locals type\n                (event.locals as Record<string, unknown>).session = session;\n                (event.locals as Record<string, unknown>).user = session?.user ?? null;\n\n                return resolve(event);\n            };\n        },\n\n        /**\n         * Get session from request event.\n         */\n        getSession: async (event: RequestEvent): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: event.request.headers,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         */\n        isAuthenticated: async (event: RequestEvent): Promise<boolean> => {\n            const session = await auth.api.getSession({\n                headers: event.request.headers,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db; event: RequestEvent }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (event: RequestEvent, ...args: TArgs): Promise<TReturn> => {\n                const session = await auth.api.getSession({\n                    headers: event.request.headers,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db, event }, ...args);\n            }\n        }\n    };\n}\n","import \"server-only\";\nimport { toNextJsHandler } from \"better-auth/next-js\";\nimport { headers } from \"next/headers\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates Next.js server-side auth utilities (App Router).\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for Next.js\n * \n * @example\n * ```typescript\n * // In lib/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createNextJsServer } from \"hylekit/nextjs\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: process.env.BETTER_AUTH_URL!, secret: process.env.BETTER_AUTH_SECRET!, ... });\n * \n * export const { handler, getSession, isAuthenticated, getUser, makeAuthenticatedCall } = createNextJsServer(auth, db);\n * ```\n */\nexport function createNextJsServer(auth: HyleAuth, db: HyleDb) {\n    // toNextJsHandler already returns { GET, POST }\n    const handler = toNextJsHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * Next.js route handler for auth routes.\n         * Place this in `app/api/auth/[...auth]/route.ts`\n         */\n        handler,\n\n        /**\n         * Get session from current request headers.\n         * Use in Server Components or Route Handlers.\n         */\n        getSession: async (): Promise<SessionResult> => {\n            const requestHeaders = await headers();\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Get session from specific headers.\n         * Use when you have direct access to headers.\n         */\n        getSessionFromHeaders: async (requestHeaders: Headers): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         * Use in Server Components.\n         */\n        isAuthenticated: async (): Promise<boolean> => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Get the current user or null.\n         * Convenience method for Server Components.\n         */\n        getUser: async () => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session?.user ?? null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (...args: TArgs): Promise<TReturn> => {\n                const requestHeaders = await headers();\n                const session = await auth.api.getSession({\n                    headers: requestHeaders,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db }, ...args);\n            }\n        }\n    };\n}\n","import type { BffClientConfig, FetchMethod, RequestOptions } from \"./types\";\n\n/**\n * Base client logic.\n */\nexport class BffClientBase {\n    constructor(private config: BffClientConfig) {}\n\n    protected async request<T>(\n        path: string,\n        method: FetchMethod,\n        options: RequestOptions = {}\n    ): Promise<T> {\n        const url = new URL(path, this.config.baseUrl);\n        \n        if (options.query) {\n            Object.entries(options.query).forEach(([key, value]) => {\n                if (value !== undefined) {\n                    url.searchParams.append(key, String(value));\n                }\n            });\n        }\n\n        const headers = new Headers(options.headers || {});\n        \n        // Add default headers\n        if (this.config.headers) {\n            Object.entries(this.config.headers).forEach(([key, value]) => {\n                if (!headers.has(key)) {\n                    headers.set(key, value);\n                }\n            });\n        }\n\n        // Set Content-Type if body is present and not FormData\n        if (options.body && !(options.body instanceof FormData) && !headers.has(\"Content-Type\")) {\n            headers.set(\"Content-Type\", \"application/json\");\n        }\n\n        const response = await fetch(url.toString(), {\n            ...options,\n            method,\n            headers,\n        });\n\n        if (!response.ok) {\n            throw new Error(`BFF Request Failed: ${response.status} ${response.statusText}`);\n        }\n\n        // Retrieve the Content-Type header to check if the response is JSON\n        const contentType = response.headers.get(\"content-type\");\n        if (contentType && contentType.includes(\"application/json\")) {\n            return response.json() as Promise<T>;\n        }\n        \n        return response.text() as unknown as Promise<T>;\n    }\n}\n","import { BffClientBase } from \"./client\";\nimport type { BffClientConfig, RequestOptions } from \"./types\";\nimport { headers } from \"next/headers\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n\n/**\n * Next.js BFF Client that requires an auth instance.\n */\nexport class NextJsBffClient extends BffClientBase {\n    private auth: HyleAuth;\n\n    constructor(auth: HyleAuth, config: BffClientConfig) {\n        super(config);\n        this.auth = auth;\n    }\n\n    private async getAuthHeaders(): Promise<Record<string, string>> {\n        try {\n            const requestHeaders = await headers();\n            const sessionData = await this.auth.api.getSession({\n                headers: requestHeaders\n            });\n\n            if (!sessionData) return {};\n\n            return {\n                \"x-hyle-user\": Buffer.from(JSON.stringify(sessionData.user)).toString(\"base64\"),\n                \"x-hyle-session\": Buffer.from(JSON.stringify(sessionData.session)).toString(\"base64\")\n            };\n        } catch (e) {\n            // Context where headers() is not available (e.g. static generation)\n            return {};\n        }\n    }\n\n    async get<T>(path: string, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"GET\", {\n            ...options,\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async post<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"POST\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async put<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"PUT\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async patch<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"PATCH\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async delete<T>(path: string, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"DELETE\", {\n            ...options,\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n}\n\n/**\n * Creates a Next.js BFF client for making authenticated requests to your Express API.\n * \n * @param auth - Auth instance created by createAuth()\n * @param baseUrlOrConfig - Base URL string or full config object\n * \n * @example\n * ```typescript\n * // In lib/bff.ts\n * import { createDb, createAuth, createNextJsBff } from \"hylekit\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { ... });\n * \n * export const bff = createNextJsBff(auth, process.env.EXPRESS_API_URL!);\n * \n * // Usage in server components\n * const data = await bff.get(\"/api/data\");\n * ```\n */\nexport const createNextJsBff = (auth: HyleAuth, baseUrlOrConfig: string | BffClientConfig) => {\n    const config = typeof baseUrlOrConfig === \"string\"\n        ? { baseUrl: baseUrlOrConfig }\n        : baseUrlOrConfig;\n    return new NextJsBffClient(auth, config);\n};\n","import { BffClientBase } from \"./client\";\nimport type { BffClientConfig, RequestOptions } from \"./types\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\n\nexport class SvelteKitBffClient extends BffClientBase {\n    constructor(config: BffClientConfig) {\n        super(config);\n    }\n\n    /**\n     * Creates a request context bound to a specific SvelteKit event.\n     * This is necessary because SvelteKit doesn't have global request storage.\n     */\n    with(event: RequestEvent) {\n        // Extract token from locals if available (set by our handle hook)\n        // or try to get it from session.\n        const sessionData = (event.locals as any).session;\n        let authHeaders: Record<string, string> = {};\n\n        if (sessionData?.user && sessionData?.session) {\n            authHeaders = {\n                \"x-hyle-user\": Buffer.from(JSON.stringify(sessionData.user)).toString(\"base64\"),\n                \"x-hyle-session\": Buffer.from(JSON.stringify(sessionData.session)).toString(\"base64\")\n            };\n        }\n\n        return {\n            get: <T>(path: string, options?: RequestOptions) => \n                this.request<T>(path, \"GET\", {\n                    ...options,\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n            \n            post: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"POST\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            put: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"PUT\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            patch: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"PATCH\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            delete: <T>(path: string, options?: RequestOptions) => \n                this.request<T>(path, \"DELETE\", {\n                    ...options,\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n        };\n    }\n}\n\nexport const createSvelteKitBff = (baseUrlOrConfig: string | BffClientConfig) => {\n    const config = typeof baseUrlOrConfig === \"string\" \n        ? { baseUrl: baseUrlOrConfig } \n        : baseUrlOrConfig;\n    return new SvelteKitBffClient(config);\n};\n","import type { Request, Response, NextFunction } from \"express\";\nimport type { Session, User } from \"better-auth\";\nimport { session as sessionTable, user as userTable } from \"../lib/schema\";\nimport { eq, and, gt } from \"drizzle-orm\";\n\n/**\n * Extended Request with authenticated user context.\n */\nexport interface AuthenticatedRequest extends Request {\n  /**\n   * The authenticated user. Available on all authenticated routes.\n   */\n  authUser: User;\n\n  /**\n   * The current session. Available on all authenticated routes.\n   */\n  authSession: Session;\n\n  /**\n   * @deprecated Use authUser instead\n   */\n  user?: User;\n\n  /**\n   * @deprecated Use authSession instead\n   */\n  session?: Session;\n}\n\nexport interface MiddlewareOptions {\n  /**\n   * Routes that don't require authentication.\n   * Supports exact paths and patterns with wildcards.\n   * @example [\"/health\", \"/public/*\", \"/api/webhooks/*\"]\n   */\n  unauthenticatedRoutes?: string[];\n\n  /**\n   * If true, verify session against the database.\n   * Use for service-to-service calls where headers can't be implicitly trusted.\n   * @default false\n   */\n  verifySession?: boolean;\n\n  /**\n   * Whether to require authentication for non-unauthenticated routes.\n   * Returns 401 on missing/invalid session.\n   * @default true\n   */\n  required?: boolean;\n}\n\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Check if a path matches any of the unauthenticated route patterns.\n */\nfunction isUnauthenticatedRoute(path: string, patterns: string[]): boolean {\n  for (const pattern of patterns) {\n    if (pattern === path) return true;\n\n    // Handle wildcard patterns like \"/public/*\"\n    if (pattern.endsWith(\"/*\")) {\n      const prefix = pattern.slice(0, -2);\n      if (path === prefix || path.startsWith(prefix + \"/\")) {\n        return true;\n      }\n    }\n\n    // Handle double wildcard patterns like \"/api/**/health\"\n    if (pattern.includes(\"**\")) {\n      const regex = new RegExp(\n        \"^\" + pattern.replace(/\\*\\*/g, \".*\").replace(/\\*/g, \"[^/]*\") + \"$\"\n      );\n      if (regex.test(path)) return true;\n    }\n  }\n  return false;\n}\n\n/**\n * Creates Express middleware for session verification.\n * \n * @param db - Database instance created by createDb() (optional, required if using verifySession)\n * \n * @example\n * // Basic usage - trust headers from BFF (no db needed)\n * app.use(createExpressMiddleware()());\n * \n * @example\n * // With DB verification for service-to-service calls\n * import { createDb } from \"hylekit\";\n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * app.use(createExpressMiddleware(db)({ verifySession: true }));\n * \n * @example\n * // With unauthenticated routes\n * app.use(createExpressMiddleware(db)({\n *   unauthenticatedRoutes: [\"/health\", \"/public/*\", \"/api/webhooks/*\"],\n *   verifySession: true\n * }));\n */\nexport const createExpressMiddleware = (db?: HyleDb) => {\n  return (options: MiddlewareOptions = {}) => {\n    const {\n      unauthenticatedRoutes = [],\n      verifySession = false,\n      required = true\n    } = options;\n\n    if (verifySession && !db) {\n      throw new Error(\n        \"[hylekit] CONFIGURATION ERROR: verifySession requires a database instance. \" +\n        \"Pass a db instance to createExpressMiddleware(db).\"\n      );\n    }\n\n    return async (req: Request, res: Response, next: NextFunction) => {\n      const authReq = req as AuthenticatedRequest;\n\n      // Check if route is unauthenticated\n      if (isUnauthenticatedRoute(req.path, unauthenticatedRoutes)) {\n        return next();\n      }\n\n      try {\n        const userHeader = req.headers[\"x-hyle-user\"];\n        const sessionHeader = req.headers[\"x-hyle-session\"];\n\n        // No session header provided\n        if (!sessionHeader || typeof sessionHeader !== \"string\") {\n          if (required) {\n            return res.status(401).json({ error: \"Unauthorized\" });\n          }\n          return next();\n        }\n\n        const sessionData = JSON.parse(\n          Buffer.from(sessionHeader, \"base64\").toString(\"utf-8\")\n        );\n\n        // Verify session against DB if required\n        if (verifySession && db) {\n          const result = await db\n            .select({\n              session: sessionTable,\n              user: userTable,\n            })\n            .from(sessionTable)\n            .innerJoin(userTable, eq(sessionTable.userId, userTable.id))\n            .where(\n              and(\n                eq(sessionTable.id, sessionData.id),\n                gt(sessionTable.expiresAt, new Date())\n              )\n            )\n            .limit(1);\n\n          if (result.length === 0) {\n            if (required) {\n              return res.status(401).json({ error: \"Invalid or expired session\" });\n            }\n            return next();\n          }\n\n          // Inject auth context\n          authReq.authUser = result[0].user as User;\n          authReq.authSession = result[0].session as Session;\n\n          // Keep deprecated properties for backwards compatibility\n          authReq.user = authReq.authUser;\n          authReq.session = authReq.authSession;\n\n          return next();\n        }\n\n        // Trust headers mode (for internal BFF calls)\n        let userData: User | undefined;\n\n        if (userHeader && typeof userHeader === \"string\") {\n          userData = JSON.parse(\n            Buffer.from(userHeader, \"base64\").toString(\"utf-8\")\n          );\n        }\n\n        if (!userData && required) {\n          return res.status(401).json({ error: \"Unauthorized\" });\n        }\n\n        if (userData) {\n          // Inject auth context\n          authReq.authUser = userData;\n          authReq.authSession = sessionData as Session;\n\n          // Keep deprecated properties for backwards compatibility\n          authReq.user = authReq.authUser;\n          authReq.session = authReq.authSession;\n        }\n\n        next();\n      } catch (error) {\n        console.error(\"[hyle] Auth middleware error:\", error);\n        if (required) {\n          return res.status(401).json({ error: \"Authentication failed\" });\n        }\n        next();\n      }\n    };\n  };\n};\n\n/**\n * @deprecated Use createExpressMiddleware(db) instead. This export will be removed in a future version.\n */\nexport const middleware = createExpressMiddleware();\n\n/**\n * Type guard to check if request is authenticated.\n */\nexport function isAuthenticated(req: Request): req is AuthenticatedRequest {\n  return !!(req as AuthenticatedRequest).authUser;\n}\n\n/**\n * Helper to get auth context from request.\n * Throws if not authenticated.\n */\nexport function getAuthContext(req: Request): { user: User; session: Session } {\n  const authReq = req as AuthenticatedRequest;\n  if (!authReq.authUser || !authReq.authSession) {\n    throw new Error(\"Request is not authenticated\");\n  }\n  return { user: authReq.authUser, session: authReq.authSession };\n}\n\n/**\n * Express adapter exports\n */\nexport const expressAdapter = {\n  createMiddleware: createExpressMiddleware,\n  /** @deprecated Use createMiddleware instead */\n  middleware,\n  isAuthenticated,\n  getAuthContext,\n};\n\n// Default export for convenience\nexport default expressAdapter;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,yBAAO;AACP,yBAA2B;AAC3B,qBAA+B;;;ACF/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA+B;AAC/B,yBAAkD;AAE3C,IAAM,WAAO,gCAAY,QAAQ;AAAA,EACtC,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,EAC1B,UAAM,yBAAK,MAAM,EAAE,QAAQ;AAAA,EAC3B,WAAO,yBAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,EACtC,mBAAe,4BAAQ,kBAAkB,EAAE,MAAM,UAAU,CAAC,EACzD,QAAQ,KAAK,EACb,QAAQ;AAAA,EACX,WAAO,yBAAK,OAAO;AAAA,EACnB,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,EACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AACb,CAAC;AAEM,IAAM,cAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,WAAO,yBAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,IACtC,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,IACX,eAAW,yBAAK,YAAY;AAAA,IAC5B,eAAW,yBAAK,YAAY;AAAA,IAC5B,YAAQ,yBAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,EACtD;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,cAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,eAAW,yBAAK,YAAY,EAAE,QAAQ;AAAA,IACtC,gBAAY,yBAAK,aAAa,EAAE,QAAQ;AAAA,IACxC,YAAQ,yBAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IACpD,iBAAa,yBAAK,cAAc;AAAA,IAChC,kBAAc,yBAAK,eAAe;AAAA,IAClC,aAAS,yBAAK,UAAU;AAAA,IACxB,0BAAsB,4BAAQ,2BAA2B;AAAA,MACvD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,2BAAuB,4BAAQ,4BAA4B;AAAA,MACzD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,WAAO,yBAAK,OAAO;AAAA,IACnB,cAAU,yBAAK,UAAU;AAAA,IACzB,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,mBAAe;AAAA,EAC1B;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,gBAAY,yBAAK,YAAY,EAAE,QAAQ;AAAA,IACvC,WAAO,yBAAK,OAAO,EAAE,QAAQ;AAAA,IAC7B,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,6BAA6B,EAAE,GAAG,MAAM,UAAU,CAAC;AACvE;AAEO,IAAM,oBAAgB,8BAAU,MAAM,CAAC,EAAE,KAAK,OAAO;AAAA,EAC1D,UAAU,KAAK,OAAO;AAAA,EACtB,UAAU,KAAK,OAAO;AACxB,EAAE;AAEK,IAAM,uBAAmB,8BAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;AAEK,IAAM,uBAAmB,8BAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;;;ADpEF,SAAS,iBAAiB,YAA0B;AAChD,MAAI,OAAO,WAAW,aAAa;AAC/B,UAAM,IAAI;AAAA,MACN,8BAA8B,UAAU,yEAC3B,UAAU;AAAA,IAC3B;AAAA,EACJ;AACJ;AAkCO,SAAS,WAAW,IAAY,QAAwB;AAC3D,mBAAiB,YAAY;AAE7B,QAAM,gBAAgB;AAAA,IAClB,WAAW,OAAO,SAAS,aAAa,KAAK,KAAK,KAAK;AAAA;AAAA,IACvD,WAAW,OAAO,SAAS,aAAa,KAAK,KAAK;AAAA;AAAA,IAClD,aAAa;AAAA,MACT,SAAS,OAAO,SAAS,aAAa,WAAW;AAAA,MACjD,QAAQ,OAAO,SAAS,aAAa,UAAU,KAAK;AAAA;AAAA,IACxD;AAAA,EACJ;AAEA,aAAO,+BAAW;AAAA,IACd,cAAU,+BAAe,IAAI;AAAA,MACzB,UAAU;AAAA,MACV,QAAQ;AAAA,QACJ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,IACD,SAAS,OAAO;AAAA,IAChB,QAAQ,OAAO;AAAA,IACf,gBAAgB,OAAO;AAAA,IACvB,iBAAiB,OAAO,SAAS;AAAA,MAC7B,QAAQ;AAAA,QACJ,UAAU,OAAO,OAAO;AAAA,QACxB,cAAc,OAAO,OAAO;AAAA,MAChC;AAAA,IACJ,IAAI;AAAA,IACJ,SAAS;AAAA,EACb,CAAC;AACL;;;AE7GA,IAAAA,sBAAO;AACP,oBAAwB;AACxB,oBAA6B;AAiB7B,SAASC,kBAAiB,YAA0B;AAChD,MAAI,OAAO,WAAW,aAAa;AAC/B,UAAM,IAAI;AAAA,MACN,8BAA8B,UAAU,yEAC3B,UAAU;AAAA,IAC3B;AAAA,EACJ;AACJ;AAqBO,SAAS,SAAS,QAAsB;AAC3C,EAAAA,kBAAiB,UAAU;AAE3B,QAAM,aAAS,4BAAa;AAAA,IACxB,KAAK,OAAO;AAAA,IACZ,WAAW,OAAO;AAAA,EACtB,CAAC;AAED,aAAO,uBAAQ,QAAQ,EAAE,uBAAO,CAAC;AACrC;;;ACxDA,IAAAC,sBAAO;AACP,wBAAmC;AA4B5B,SAAS,sBAAsB,MAAgB,IAAY;AAC9D,QAAM,cAAU,sCAAmB,IAAI;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACL,KAAK;AAAA,MACL,MAAM;AAAA,IACV;AAAA;AAAA;AAAA;AAAA,IAKA,cAAc,MAAc;AACxB,aAAO,OAAO,EAAE,OAAO,QAAQ,MAAM;AACjC,cAAMC,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS,MAAM,QAAQ;AAAA,QAC3B,CAAC;AAGD,QAAC,MAAM,OAAmC,UAAUA;AACpD,QAAC,MAAM,OAAmC,OAAOA,UAAS,QAAQ;AAElE,eAAO,QAAQ,KAAK;AAAA,MACxB;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA,IAKA,YAAY,OAAO,UAAgD;AAC/D,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS,MAAM,QAAQ;AAAA,MAC3B,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA,IAKA,iBAAiB,OAAO,UAA0C;AAC9D,YAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS,MAAM,QAAQ;AAAA,MAC3B,CAAC;AACD,aAAOA,aAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,OAAO,UAAwB,SAAkC;AACpE,cAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS,MAAM,QAAQ;AAAA,QAC3B,CAAC;AACD,YAAI,CAACA,UAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAMA,SAAQ,MAAM,SAASA,SAAQ,SAAS,IAAI,MAAM,GAAG,GAAG,IAAI;AAAA,MAClF;AAAA,IACJ;AAAA,EACJ;AACJ;;;ACrGA,IAAAC,sBAAO;AACP,qBAAgC;AAChC,qBAAwB;AA2BjB,SAAS,mBAAmB,MAAgB,IAAY;AAE3D,QAAM,cAAU,gCAAgB,IAAI;AAEpC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,YAAY,YAAoC;AAC5C,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,OAAO,mBAAoD;AAC9E,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAiB,YAA8B;AAC3C,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,YAAMC,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAOA,aAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS,YAAY;AACjB,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,YAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAOA,UAAS,QAAQ;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,UAAU,SAAkC;AAC/C,cAAM,iBAAiB,UAAM,wBAAQ;AACrC,cAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS;AAAA,QACb,CAAC;AACD,YAAI,CAACA,UAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAMA,SAAQ,MAAM,SAASA,SAAQ,SAAS,GAAG,GAAG,GAAG,IAAI;AAAA,MAC3E;AAAA,IACJ;AAAA,EACJ;AACJ;;;ACxGO,IAAM,gBAAN,MAAoB;AAAA,EACvB,YAAoB,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAE9C,MAAgB,QACZ,MACA,QACA,UAA0B,CAAC,GACjB;AACV,UAAM,MAAM,IAAI,IAAI,MAAM,KAAK,OAAO,OAAO;AAE7C,QAAI,QAAQ,OAAO;AACf,aAAO,QAAQ,QAAQ,KAAK,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,UAAU,QAAW;AACrB,cAAI,aAAa,OAAO,KAAK,OAAO,KAAK,CAAC;AAAA,QAC9C;AAAA,MACJ,CAAC;AAAA,IACL;AAEA,UAAMC,WAAU,IAAI,QAAQ,QAAQ,WAAW,CAAC,CAAC;AAGjD,QAAI,KAAK,OAAO,SAAS;AACrB,aAAO,QAAQ,KAAK,OAAO,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC1D,YAAI,CAACA,SAAQ,IAAI,GAAG,GAAG;AACnB,UAAAA,SAAQ,IAAI,KAAK,KAAK;AAAA,QAC1B;AAAA,MACJ,CAAC;AAAA,IACL;AAGA,QAAI,QAAQ,QAAQ,EAAE,QAAQ,gBAAgB,aAAa,CAACA,SAAQ,IAAI,cAAc,GAAG;AACrF,MAAAA,SAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAClD;AAEA,UAAM,WAAW,MAAM,MAAM,IAAI,SAAS,GAAG;AAAA,MACzC,GAAG;AAAA,MACH;AAAA,MACA,SAAAA;AAAA,IACJ,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AACd,YAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,IACnF;AAGA,UAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,QAAI,eAAe,YAAY,SAAS,kBAAkB,GAAG;AACzD,aAAO,SAAS,KAAK;AAAA,IACzB;AAEA,WAAO,SAAS,KAAK;AAAA,EACzB;AACJ;;;ACvDA,IAAAC,kBAAwB;AAQjB,IAAM,kBAAN,cAA8B,cAAc;AAAA,EAG/C,YAAY,MAAgB,QAAyB;AACjD,UAAM,MAAM;AACZ,SAAK,OAAO;AAAA,EAChB;AAAA,EAEA,MAAc,iBAAkD;AAC5D,QAAI;AACA,YAAM,iBAAiB,UAAM,yBAAQ;AACrC,YAAM,cAAc,MAAM,KAAK,KAAK,IAAI,WAAW;AAAA,QAC/C,SAAS;AAAA,MACb,CAAC;AAED,UAAI,CAAC,YAAa,QAAO,CAAC;AAE1B,aAAO;AAAA,QACH,eAAe,OAAO,KAAK,KAAK,UAAU,YAAY,IAAI,CAAC,EAAE,SAAS,QAAQ;AAAA,QAC9E,kBAAkB,OAAO,KAAK,KAAK,UAAU,YAAY,OAAO,CAAC,EAAE,SAAS,QAAQ;AAAA,MACxF;AAAA,IACJ,SAAS,GAAG;AAER,aAAO,CAAC;AAAA,IACZ;AAAA,EACJ;AAAA,EAEA,MAAM,IAAO,MAAc,SAAsC;AAC7D,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,OAAO;AAAA,MAChC,GAAG;AAAA,MACH,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,KAAQ,MAAc,MAAY,SAAsC;AAC1E,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,QAAQ;AAAA,MACjC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,IAAO,MAAc,MAAY,SAAsC;AACzE,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,OAAO;AAAA,MAChC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,MAAS,MAAc,MAAY,SAAsC;AAC3E,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,SAAS;AAAA,MAClC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,OAAU,MAAc,SAAsC;AAChE,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,UAAU;AAAA,MACnC,GAAG;AAAA,MACH,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AACJ;AAsBO,IAAM,kBAAkB,CAAC,MAAgB,oBAA8C;AAC1F,QAAM,SAAS,OAAO,oBAAoB,WACpC,EAAE,SAAS,gBAAgB,IAC3B;AACN,SAAO,IAAI,gBAAgB,MAAM,MAAM;AAC3C;;;ACrHO,IAAM,qBAAN,cAAiC,cAAc;AAAA,EAClD,YAAY,QAAyB;AACjC,UAAM,MAAM;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,OAAqB;AAGtB,UAAM,cAAe,MAAM,OAAe;AAC1C,QAAI,cAAsC,CAAC;AAE3C,QAAI,aAAa,QAAQ,aAAa,SAAS;AAC3C,oBAAc;AAAA,QACV,eAAe,OAAO,KAAK,KAAK,UAAU,YAAY,IAAI,CAAC,EAAE,SAAS,QAAQ;AAAA,QAC9E,kBAAkB,OAAO,KAAK,KAAK,UAAU,YAAY,OAAO,CAAC,EAAE,SAAS,QAAQ;AAAA,MACxF;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,KAAK,CAAI,MAAc,YACnB,KAAK,QAAW,MAAM,OAAO;AAAA,QACzB,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,MAAM,CAAI,MAAc,MAAY,YAChC,KAAK,QAAW,MAAM,QAAQ;AAAA,QAC1B,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,KAAK,CAAI,MAAc,MAAY,YAC/B,KAAK,QAAW,MAAM,OAAO;AAAA,QACzB,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,OAAO,CAAI,MAAc,MAAY,YACjC,KAAK,QAAW,MAAM,SAAS;AAAA,QAC3B,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,QAAQ,CAAI,MAAc,YACtB,KAAK,QAAW,MAAM,UAAU;AAAA,QAC5B,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,IACT;AAAA,EACJ;AACJ;AAEO,IAAM,qBAAqB,CAAC,oBAA8C;AAC7E,QAAM,SAAS,OAAO,oBAAoB,WACpC,EAAE,SAAS,gBAAgB,IAC3B;AACN,SAAO,IAAI,mBAAmB,MAAM;AACxC;;;ACjEA,IAAAC,sBAA4B;AAwD5B,SAAS,uBAAuB,MAAc,UAA6B;AACzE,aAAW,WAAW,UAAU;AAC9B,QAAI,YAAY,KAAM,QAAO;AAG7B,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,SAAS,QAAQ,MAAM,GAAG,EAAE;AAClC,UAAI,SAAS,UAAU,KAAK,WAAW,SAAS,GAAG,GAAG;AACpD,eAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,QAAQ,IAAI;AAAA,QAChB,MAAM,QAAQ,QAAQ,SAAS,IAAI,EAAE,QAAQ,OAAO,OAAO,IAAI;AAAA,MACjE;AACA,UAAI,MAAM,KAAK,IAAI,EAAG,QAAO;AAAA,IAC/B;AAAA,EACF;AACA,SAAO;AACT;AAwBO,IAAM,0BAA0B,CAAC,OAAgB;AACtD,SAAO,CAAC,UAA6B,CAAC,MAAM;AAC1C,UAAM;AAAA,MACJ,wBAAwB,CAAC;AAAA,MACzB,gBAAgB;AAAA,MAChB,WAAW;AAAA,IACb,IAAI;AAEJ,QAAI,iBAAiB,CAAC,IAAI;AACxB,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,WAAO,OAAO,KAAc,KAAe,SAAuB;AAChE,YAAM,UAAU;AAGhB,UAAI,uBAAuB,IAAI,MAAM,qBAAqB,GAAG;AAC3D,eAAO,KAAK;AAAA,MACd;AAEA,UAAI;AACF,cAAM,aAAa,IAAI,QAAQ,aAAa;AAC5C,cAAM,gBAAgB,IAAI,QAAQ,gBAAgB;AAGlD,YAAI,CAAC,iBAAiB,OAAO,kBAAkB,UAAU;AACvD,cAAI,UAAU;AACZ,mBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,UACvD;AACA,iBAAO,KAAK;AAAA,QACd;AAEA,cAAM,cAAc,KAAK;AAAA,UACvB,OAAO,KAAK,eAAe,QAAQ,EAAE,SAAS,OAAO;AAAA,QACvD;AAGA,YAAI,iBAAiB,IAAI;AACvB,gBAAM,SAAS,MAAM,GAClB,OAAO;AAAA,YACN;AAAA,YACA;AAAA,UACF,CAAC,EACA,KAAK,OAAY,EACjB,UAAU,UAAW,wBAAG,QAAa,QAAQ,KAAU,EAAE,CAAC,EAC1D;AAAA,gBACC;AAAA,kBACE,wBAAG,QAAa,IAAI,YAAY,EAAE;AAAA,kBAClC,wBAAG,QAAa,WAAW,oBAAI,KAAK,CAAC;AAAA,YACvC;AAAA,UACF,EACC,MAAM,CAAC;AAEV,cAAI,OAAO,WAAW,GAAG;AACvB,gBAAI,UAAU;AACZ,qBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,YACrE;AACA,mBAAO,KAAK;AAAA,UACd;AAGA,kBAAQ,WAAW,OAAO,CAAC,EAAE;AAC7B,kBAAQ,cAAc,OAAO,CAAC,EAAE;AAGhC,kBAAQ,OAAO,QAAQ;AACvB,kBAAQ,UAAU,QAAQ;AAE1B,iBAAO,KAAK;AAAA,QACd;AAGA,YAAI;AAEJ,YAAI,cAAc,OAAO,eAAe,UAAU;AAChD,qBAAW,KAAK;AAAA,YACd,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,OAAO;AAAA,UACpD;AAAA,QACF;AAEA,YAAI,CAAC,YAAY,UAAU;AACzB,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,QACvD;AAEA,YAAI,UAAU;AAEZ,kBAAQ,WAAW;AACnB,kBAAQ,cAAc;AAGtB,kBAAQ,OAAO,QAAQ;AACvB,kBAAQ,UAAU,QAAQ;AAAA,QAC5B;AAEA,aAAK;AAAA,MACP,SAAS,OAAO;AACd,gBAAQ,MAAM,iCAAiC,KAAK;AACpD,YAAI,UAAU;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,wBAAwB,CAAC;AAAA,QAChE;AACA,aAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AACF;AAKO,IAAM,aAAa,wBAAwB;AAK3C,SAAS,gBAAgB,KAA2C;AACzE,SAAO,CAAC,CAAE,IAA6B;AACzC;AAMO,SAAS,eAAe,KAAgD;AAC7E,QAAM,UAAU;AAChB,MAAI,CAAC,QAAQ,YAAY,CAAC,QAAQ,aAAa;AAC7C,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACA,SAAO,EAAE,MAAM,QAAQ,UAAU,SAAS,QAAQ,YAAY;AAChE;AAKO,IAAM,iBAAiB;AAAA,EAC5B,kBAAkB;AAAA;AAAA,EAElB;AAAA,EACA;AAAA,EACA;AACF;;;ATjMA,IAAM,MAAM;AAAA,EACR;AAAA,EACA;AACJ;AAIA,IAAM,OAAO;AAAA,EACT;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,IACJ;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACb;AAAA,EACA;AACJ;AAEA,IAAO,cAAQ;","names":["import_server_only","assertServerOnly","import_server_only","session","import_server_only","session","headers","import_headers","import_drizzle_orm"]}

package/dist/index.js

@@ -239,10 +239,7 @@ function createNextJsServer(auth, db) {
      * Next.js route handler for auth routes.
      * Place this in `app/api/auth/[...auth]/route.ts`
      */
-    handler: {
-      GET: handler,
-      POST: handler
-    },
+    handler,
     /**
      * Get session from current request headers.
      * Use in Server Components or Route Handlers.

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/lib/auth.ts","../src/lib/schema.ts","../src/lib/db.ts","../src/server/sveltekit.ts","../src/server/nextjs.ts","../src/bff/client.ts","../src/bff/nextjs.ts","../src/bff/sveltekit.ts","../src/server/express.ts","../src/index.ts"],"sourcesContent":["import \"server-only\";\nimport { betterAuth } from \"better-auth\";\nimport { drizzleAdapter } from \"better-auth/adapters/drizzle\";\nimport * as schema from \"./schema\";\n\n/**\n * Configuration for Hyle authentication.\n */\nexport interface HyleAuthConfig {\n    /** Base URL for the auth server (e.g., \"https://myapp.com\") */\n    baseURL: string;\n    /** Secret key for signing sessions and tokens */\n    secret: string;\n    /** List of trusted origins for CORS (optional) */\n    trustedOrigins?: string[];\n    /** Google OAuth configuration (optional) */\n    google?: {\n        clientId: string;\n        clientSecret: string;\n    };\n    /** Session configuration (optional, uses sensible defaults) */\n    session?: {\n        /** Session expiry in seconds (default: 7 days) */\n        expiresIn?: number;\n        /** Session update interval in seconds (default: 24 hours) */\n        updateAge?: number;\n        /** Cookie cache settings */\n        cookieCache?: {\n            enabled?: boolean;\n            maxAge?: number;\n        };\n    };\n}\n\n/**\n * Throws an error if called on the client side.\n * This prevents accidental exposure of secrets in browser bundles.\n */\nfunction assertServerOnly(configName: string): void {\n    if (typeof window !== 'undefined') {\n        throw new Error(\n            `[hylekit] SECURITY ERROR: \"${configName}\" contains secrets and must not be used on the client side. ` +\n            `Only call ${configName}() in server-side code (e.g., API routes, server components, +page.server.ts).`\n        );\n    }\n}\n\n// Type for the database created by createDb\ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle<typeof schema>>;\n\n/**\n * Creates a BetterAuth instance with the provided configuration.\n * \n * @param db - Database instance created by createDb()\n * @param config - Authentication configuration\n * @returns A BetterAuth instance\n * \n * @example\n * ```typescript\n * // In your server-side code (e.g., lib/auth.ts)\n * import { createDb, createAuth } from \"hylekit\";\n * \n * const db = createDb({\n *     url: process.env.HYLE_DATABASE_URL!,\n *     authToken: process.env.HYLE_DATABASE_AUTH_TOKEN,\n * });\n * \n * export const auth = createAuth(db, {\n *     baseURL: process.env.BETTER_AUTH_URL!,\n *     secret: process.env.BETTER_AUTH_SECRET!,\n *     google: {\n *         clientId: process.env.GOOGLE_CLIENT_ID!,\n *         clientSecret: process.env.GOOGLE_CLIENT_SECRET!,\n *     },\n * });\n * ```\n * \n * @throws Error if called on the client side\n */\nexport function createAuth(db: HyleDb, config: HyleAuthConfig) {\n    assertServerOnly('createAuth');\n\n    const sessionConfig = {\n        expiresIn: config.session?.expiresIn ?? 60 * 60 * 24 * 7, // 7 days\n        updateAge: config.session?.updateAge ?? 60 * 60 * 24, // 24 hours\n        cookieCache: {\n            enabled: config.session?.cookieCache?.enabled ?? true,\n            maxAge: config.session?.cookieCache?.maxAge ?? 60 * 5, // 5 minutes\n        },\n    };\n\n    return betterAuth({\n        database: drizzleAdapter(db, {\n            provider: \"sqlite\",\n            schema: {\n                ...schema\n            }\n        }),\n        baseURL: config.baseURL,\n        secret: config.secret,\n        trustedOrigins: config.trustedOrigins,\n        socialProviders: config.google ? {\n            google: {\n                clientId: config.google.clientId,\n                clientSecret: config.google.clientSecret,\n            },\n        } : undefined,\n        session: sessionConfig,\n    });\n}\n\nexport { schema };\n","import { relations, sql } from \"drizzle-orm\";\nimport { sqliteTable, text, integer, index } from \"drizzle-orm/sqlite-core\";\n\nexport const user = sqliteTable(\"user\", {\n  id: text(\"id\").primaryKey(),\n  name: text(\"name\").notNull(),\n  email: text(\"email\").notNull().unique(),\n  emailVerified: integer(\"email_verified\", { mode: \"boolean\" })\n    .default(false)\n    .notNull(),\n  image: text(\"image\"),\n  createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n    .notNull(),\n  updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n    .$onUpdate(() => /* @__PURE__ */ new Date())\n    .notNull(),\n});\n\nexport const session = sqliteTable(\n  \"session\",\n  {\n    id: text(\"id\").primaryKey(),\n    expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n    token: text(\"token\").notNull().unique(),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n    ipAddress: text(\"ip_address\"),\n    userAgent: text(\"user_agent\"),\n    userId: text(\"user_id\")\n      .notNull()\n      .references(() => user.id, { onDelete: \"cascade\" }),\n  },\n  (table) => [index(\"session_userId_idx\").on(table.userId)],\n);\n\nexport const account = sqliteTable(\n  \"account\",\n  {\n    id: text(\"id\").primaryKey(),\n    accountId: text(\"account_id\").notNull(),\n    providerId: text(\"provider_id\").notNull(),\n    userId: text(\"user_id\")\n      .notNull()\n      .references(() => user.id, { onDelete: \"cascade\" }),\n    accessToken: text(\"access_token\"),\n    refreshToken: text(\"refresh_token\"),\n    idToken: text(\"id_token\"),\n    accessTokenExpiresAt: integer(\"access_token_expires_at\", {\n      mode: \"timestamp_ms\",\n    }),\n    refreshTokenExpiresAt: integer(\"refresh_token_expires_at\", {\n      mode: \"timestamp_ms\",\n    }),\n    scope: text(\"scope\"),\n    password: text(\"password\"),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n  },\n  (table) => [index(\"account_userId_idx\").on(table.userId)],\n);\n\nexport const verification = sqliteTable(\n  \"verification\",\n  {\n    id: text(\"id\").primaryKey(),\n    identifier: text(\"identifier\").notNull(),\n    value: text(\"value\").notNull(),\n    expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n  },\n  (table) => [index(\"verification_identifier_idx\").on(table.identifier)],\n);\n\nexport const userRelations = relations(user, ({ many }) => ({\n  sessions: many(session),\n  accounts: many(account),\n}));\n\nexport const sessionRelations = relations(session, ({ one }) => ({\n  user: one(user, {\n    fields: [session.userId],\n    references: [user.id],\n  }),\n}));\n\nexport const accountRelations = relations(account, ({ one }) => ({\n  user: one(user, {\n    fields: [account.userId],\n    references: [user.id],\n  }),\n}));\n","import \"server-only\";\nimport { drizzle } from \"drizzle-orm/libsql\";\nimport { createClient } from \"@libsql/client\";\nimport * as schema from \"./schema\";\n\n/**\n * Configuration for the Hyle database connection.\n */\nexport interface HyleDbConfig {\n    /** Turso/LibSQL database URL */\n    url: string;\n    /** Authentication token for the database (required for remote Turso databases) */\n    authToken?: string;\n}\n\n/**\n * Throws an error if called on the client side.\n * This prevents accidental exposure of secrets in browser bundles.\n */\nfunction assertServerOnly(configName: string): void {\n    if (typeof window !== 'undefined') {\n        throw new Error(\n            `[hylekit] SECURITY ERROR: \"${configName}\" contains secrets and must not be used on the client side. ` +\n            `Only call ${configName}() in server-side code (e.g., API routes, server components, +page.server.ts).`\n        );\n    }\n}\n\n/**\n * Creates a database connection with the provided configuration.\n * \n * @param config - Database configuration\n * @returns A Drizzle database instance\n * \n * @example\n * ```typescript\n * // In your server-side code (e.g., lib/db.ts)\n * import { createDb } from \"hylekit\";\n * \n * export const db = createDb({\n *     url: process.env.HYLE_DATABASE_URL!,\n *     authToken: process.env.HYLE_DATABASE_AUTH_TOKEN,\n * });\n * ```\n * \n * @throws Error if called on the client side\n */\nexport function createDb(config: HyleDbConfig) {\n    assertServerOnly('createDb');\n\n    const client = createClient({\n        url: config.url,\n        authToken: config.authToken,\n    });\n\n    return drizzle(client, { schema });\n}\n\nexport { schema };\n","import \"server-only\";\nimport { toSvelteKitHandler } from \"better-auth/svelte-kit\";\nimport type { Handle, RequestEvent } from \"@sveltejs/kit\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates SvelteKit server-side auth utilities.\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for SvelteKit\n * \n * @example\n * ```typescript\n * // In src/lib/server/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createSvelteKitServer } from \"hylekit/sveltekit\";\n * \n * const db = createDb({ url: env.HYLE_DATABASE_URL, authToken: env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: env.PUBLIC_APP_URL, secret: env.BETTER_AUTH_SECRET, ... });\n * \n * export const { handler, getSession, isAuthenticated, createHandle, makeAuthenticatedCall } = createSvelteKitServer(auth, db);\n * ```\n */\nexport function createSvelteKitServer(auth: HyleAuth, db: HyleDb) {\n    const handler = toSvelteKitHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * SvelteKit request handler for auth routes.\n         * Place this in `src/routes/api/auth/[...auth]/+server.ts`\n         */\n        handler: {\n            GET: handler,\n            POST: handler,\n        },\n\n        /**\n         * Creates a SvelteKit handle hook for session management.\n         */\n        createHandle: (): Handle => {\n            return async ({ event, resolve }) => {\n                const session = await auth.api.getSession({\n                    headers: event.request.headers,\n                });\n\n                // Set on locals - consumer must extend App.Locals type\n                (event.locals as Record<string, unknown>).session = session;\n                (event.locals as Record<string, unknown>).user = session?.user ?? null;\n\n                return resolve(event);\n            };\n        },\n\n        /**\n         * Get session from request event.\n         */\n        getSession: async (event: RequestEvent): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: event.request.headers,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         */\n        isAuthenticated: async (event: RequestEvent): Promise<boolean> => {\n            const session = await auth.api.getSession({\n                headers: event.request.headers,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db; event: RequestEvent }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (event: RequestEvent, ...args: TArgs): Promise<TReturn> => {\n                const session = await auth.api.getSession({\n                    headers: event.request.headers,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db, event }, ...args);\n            }\n        }\n    };\n}\n","import \"server-only\";\nimport { toNextJsHandler } from \"better-auth/next-js\";\nimport { headers } from \"next/headers\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates Next.js server-side auth utilities (App Router).\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for Next.js\n * \n * @example\n * ```typescript\n * // In lib/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createNextJsServer } from \"hylekit/nextjs\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: process.env.BETTER_AUTH_URL!, secret: process.env.BETTER_AUTH_SECRET!, ... });\n * \n * export const { handler, getSession, isAuthenticated, getUser, makeAuthenticatedCall } = createNextJsServer(auth, db);\n * ```\n */\nexport function createNextJsServer(auth: HyleAuth, db: HyleDb) {\n    const handler = toNextJsHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * Next.js route handler for auth routes.\n         * Place this in `app/api/auth/[...auth]/route.ts`\n         */\n        handler: {\n            GET: handler,\n            POST: handler,\n        },\n\n        /**\n         * Get session from current request headers.\n         * Use in Server Components or Route Handlers.\n         */\n        getSession: async (): Promise<SessionResult> => {\n            const requestHeaders = await headers();\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Get session from specific headers.\n         * Use when you have direct access to headers.\n         */\n        getSessionFromHeaders: async (requestHeaders: Headers): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         * Use in Server Components.\n         */\n        isAuthenticated: async (): Promise<boolean> => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Get the current user or null.\n         * Convenience method for Server Components.\n         */\n        getUser: async () => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session?.user ?? null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (...args: TArgs): Promise<TReturn> => {\n                const requestHeaders = await headers();\n                const session = await auth.api.getSession({\n                    headers: requestHeaders,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db }, ...args);\n            }\n        }\n    };\n}\n","import type { BffClientConfig, FetchMethod, RequestOptions } from \"./types\";\n\n/**\n * Base client logic.\n */\nexport class BffClientBase {\n    constructor(private config: BffClientConfig) {}\n\n    protected async request<T>(\n        path: string,\n        method: FetchMethod,\n        options: RequestOptions = {}\n    ): Promise<T> {\n        const url = new URL(path, this.config.baseUrl);\n        \n        if (options.query) {\n            Object.entries(options.query).forEach(([key, value]) => {\n                if (value !== undefined) {\n                    url.searchParams.append(key, String(value));\n                }\n            });\n        }\n\n        const headers = new Headers(options.headers || {});\n        \n        // Add default headers\n        if (this.config.headers) {\n            Object.entries(this.config.headers).forEach(([key, value]) => {\n                if (!headers.has(key)) {\n                    headers.set(key, value);\n                }\n            });\n        }\n\n        // Set Content-Type if body is present and not FormData\n        if (options.body && !(options.body instanceof FormData) && !headers.has(\"Content-Type\")) {\n            headers.set(\"Content-Type\", \"application/json\");\n        }\n\n        const response = await fetch(url.toString(), {\n            ...options,\n            method,\n            headers,\n        });\n\n        if (!response.ok) {\n            throw new Error(`BFF Request Failed: ${response.status} ${response.statusText}`);\n        }\n\n        // Retrieve the Content-Type header to check if the response is JSON\n        const contentType = response.headers.get(\"content-type\");\n        if (contentType && contentType.includes(\"application/json\")) {\n            return response.json() as Promise<T>;\n        }\n        \n        return response.text() as unknown as Promise<T>;\n    }\n}\n","import { BffClientBase } from \"./client\";\nimport type { BffClientConfig, RequestOptions } from \"./types\";\nimport { headers } from \"next/headers\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n\n/**\n * Next.js BFF Client that requires an auth instance.\n */\nexport class NextJsBffClient extends BffClientBase {\n    private auth: HyleAuth;\n\n    constructor(auth: HyleAuth, config: BffClientConfig) {\n        super(config);\n        this.auth = auth;\n    }\n\n    private async getAuthHeaders(): Promise<Record<string, string>> {\n        try {\n            const requestHeaders = await headers();\n            const sessionData = await this.auth.api.getSession({\n                headers: requestHeaders\n            });\n\n            if (!sessionData) return {};\n\n            return {\n                \"x-hyle-user\": Buffer.from(JSON.stringify(sessionData.user)).toString(\"base64\"),\n                \"x-hyle-session\": Buffer.from(JSON.stringify(sessionData.session)).toString(\"base64\")\n            };\n        } catch (e) {\n            // Context where headers() is not available (e.g. static generation)\n            return {};\n        }\n    }\n\n    async get<T>(path: string, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"GET\", {\n            ...options,\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async post<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"POST\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async put<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"PUT\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async patch<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"PATCH\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async delete<T>(path: string, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"DELETE\", {\n            ...options,\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n}\n\n/**\n * Creates a Next.js BFF client for making authenticated requests to your Express API.\n * \n * @param auth - Auth instance created by createAuth()\n * @param baseUrlOrConfig - Base URL string or full config object\n * \n * @example\n * ```typescript\n * // In lib/bff.ts\n * import { createDb, createAuth, createNextJsBff } from \"hylekit\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { ... });\n * \n * export const bff = createNextJsBff(auth, process.env.EXPRESS_API_URL!);\n * \n * // Usage in server components\n * const data = await bff.get(\"/api/data\");\n * ```\n */\nexport const createNextJsBff = (auth: HyleAuth, baseUrlOrConfig: string | BffClientConfig) => {\n    const config = typeof baseUrlOrConfig === \"string\"\n        ? { baseUrl: baseUrlOrConfig }\n        : baseUrlOrConfig;\n    return new NextJsBffClient(auth, config);\n};\n","import { BffClientBase } from \"./client\";\nimport type { BffClientConfig, RequestOptions } from \"./types\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\n\nexport class SvelteKitBffClient extends BffClientBase {\n    constructor(config: BffClientConfig) {\n        super(config);\n    }\n\n    /**\n     * Creates a request context bound to a specific SvelteKit event.\n     * This is necessary because SvelteKit doesn't have global request storage.\n     */\n    with(event: RequestEvent) {\n        // Extract token from locals if available (set by our handle hook)\n        // or try to get it from session.\n        const sessionData = (event.locals as any).session;\n        let authHeaders: Record<string, string> = {};\n\n        if (sessionData?.user && sessionData?.session) {\n            authHeaders = {\n                \"x-hyle-user\": Buffer.from(JSON.stringify(sessionData.user)).toString(\"base64\"),\n                \"x-hyle-session\": Buffer.from(JSON.stringify(sessionData.session)).toString(\"base64\")\n            };\n        }\n\n        return {\n            get: <T>(path: string, options?: RequestOptions) => \n                this.request<T>(path, \"GET\", {\n                    ...options,\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n            \n            post: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"POST\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            put: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"PUT\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            patch: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"PATCH\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            delete: <T>(path: string, options?: RequestOptions) => \n                this.request<T>(path, \"DELETE\", {\n                    ...options,\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n        };\n    }\n}\n\nexport const createSvelteKitBff = (baseUrlOrConfig: string | BffClientConfig) => {\n    const config = typeof baseUrlOrConfig === \"string\" \n        ? { baseUrl: baseUrlOrConfig } \n        : baseUrlOrConfig;\n    return new SvelteKitBffClient(config);\n};\n","import type { Request, Response, NextFunction } from \"express\";\nimport type { Session, User } from \"better-auth\";\nimport { session as sessionTable, user as userTable } from \"../lib/schema\";\nimport { eq, and, gt } from \"drizzle-orm\";\n\n/**\n * Extended Request with authenticated user context.\n */\nexport interface AuthenticatedRequest extends Request {\n  /**\n   * The authenticated user. Available on all authenticated routes.\n   */\n  authUser: User;\n\n  /**\n   * The current session. Available on all authenticated routes.\n   */\n  authSession: Session;\n\n  /**\n   * @deprecated Use authUser instead\n   */\n  user?: User;\n\n  /**\n   * @deprecated Use authSession instead\n   */\n  session?: Session;\n}\n\nexport interface MiddlewareOptions {\n  /**\n   * Routes that don't require authentication.\n   * Supports exact paths and patterns with wildcards.\n   * @example [\"/health\", \"/public/*\", \"/api/webhooks/*\"]\n   */\n  unauthenticatedRoutes?: string[];\n\n  /**\n   * If true, verify session against the database.\n   * Use for service-to-service calls where headers can't be implicitly trusted.\n   * @default false\n   */\n  verifySession?: boolean;\n\n  /**\n   * Whether to require authentication for non-unauthenticated routes.\n   * Returns 401 on missing/invalid session.\n   * @default true\n   */\n  required?: boolean;\n}\n\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Check if a path matches any of the unauthenticated route patterns.\n */\nfunction isUnauthenticatedRoute(path: string, patterns: string[]): boolean {\n  for (const pattern of patterns) {\n    if (pattern === path) return true;\n\n    // Handle wildcard patterns like \"/public/*\"\n    if (pattern.endsWith(\"/*\")) {\n      const prefix = pattern.slice(0, -2);\n      if (path === prefix || path.startsWith(prefix + \"/\")) {\n        return true;\n      }\n    }\n\n    // Handle double wildcard patterns like \"/api/**/health\"\n    if (pattern.includes(\"**\")) {\n      const regex = new RegExp(\n        \"^\" + pattern.replace(/\\*\\*/g, \".*\").replace(/\\*/g, \"[^/]*\") + \"$\"\n      );\n      if (regex.test(path)) return true;\n    }\n  }\n  return false;\n}\n\n/**\n * Creates Express middleware for session verification.\n * \n * @param db - Database instance created by createDb() (optional, required if using verifySession)\n * \n * @example\n * // Basic usage - trust headers from BFF (no db needed)\n * app.use(createExpressMiddleware()());\n * \n * @example\n * // With DB verification for service-to-service calls\n * import { createDb } from \"hylekit\";\n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * app.use(createExpressMiddleware(db)({ verifySession: true }));\n * \n * @example\n * // With unauthenticated routes\n * app.use(createExpressMiddleware(db)({\n *   unauthenticatedRoutes: [\"/health\", \"/public/*\", \"/api/webhooks/*\"],\n *   verifySession: true\n * }));\n */\nexport const createExpressMiddleware = (db?: HyleDb) => {\n  return (options: MiddlewareOptions = {}) => {\n    const {\n      unauthenticatedRoutes = [],\n      verifySession = false,\n      required = true\n    } = options;\n\n    if (verifySession && !db) {\n      throw new Error(\n        \"[hylekit] CONFIGURATION ERROR: verifySession requires a database instance. \" +\n        \"Pass a db instance to createExpressMiddleware(db).\"\n      );\n    }\n\n    return async (req: Request, res: Response, next: NextFunction) => {\n      const authReq = req as AuthenticatedRequest;\n\n      // Check if route is unauthenticated\n      if (isUnauthenticatedRoute(req.path, unauthenticatedRoutes)) {\n        return next();\n      }\n\n      try {\n        const userHeader = req.headers[\"x-hyle-user\"];\n        const sessionHeader = req.headers[\"x-hyle-session\"];\n\n        // No session header provided\n        if (!sessionHeader || typeof sessionHeader !== \"string\") {\n          if (required) {\n            return res.status(401).json({ error: \"Unauthorized\" });\n          }\n          return next();\n        }\n\n        const sessionData = JSON.parse(\n          Buffer.from(sessionHeader, \"base64\").toString(\"utf-8\")\n        );\n\n        // Verify session against DB if required\n        if (verifySession && db) {\n          const result = await db\n            .select({\n              session: sessionTable,\n              user: userTable,\n            })\n            .from(sessionTable)\n            .innerJoin(userTable, eq(sessionTable.userId, userTable.id))\n            .where(\n              and(\n                eq(sessionTable.id, sessionData.id),\n                gt(sessionTable.expiresAt, new Date())\n              )\n            )\n            .limit(1);\n\n          if (result.length === 0) {\n            if (required) {\n              return res.status(401).json({ error: \"Invalid or expired session\" });\n            }\n            return next();\n          }\n\n          // Inject auth context\n          authReq.authUser = result[0].user as User;\n          authReq.authSession = result[0].session as Session;\n\n          // Keep deprecated properties for backwards compatibility\n          authReq.user = authReq.authUser;\n          authReq.session = authReq.authSession;\n\n          return next();\n        }\n\n        // Trust headers mode (for internal BFF calls)\n        let userData: User | undefined;\n\n        if (userHeader && typeof userHeader === \"string\") {\n          userData = JSON.parse(\n            Buffer.from(userHeader, \"base64\").toString(\"utf-8\")\n          );\n        }\n\n        if (!userData && required) {\n          return res.status(401).json({ error: \"Unauthorized\" });\n        }\n\n        if (userData) {\n          // Inject auth context\n          authReq.authUser = userData;\n          authReq.authSession = sessionData as Session;\n\n          // Keep deprecated properties for backwards compatibility\n          authReq.user = authReq.authUser;\n          authReq.session = authReq.authSession;\n        }\n\n        next();\n      } catch (error) {\n        console.error(\"[hyle] Auth middleware error:\", error);\n        if (required) {\n          return res.status(401).json({ error: \"Authentication failed\" });\n        }\n        next();\n      }\n    };\n  };\n};\n\n/**\n * @deprecated Use createExpressMiddleware(db) instead. This export will be removed in a future version.\n */\nexport const middleware = createExpressMiddleware();\n\n/**\n * Type guard to check if request is authenticated.\n */\nexport function isAuthenticated(req: Request): req is AuthenticatedRequest {\n  return !!(req as AuthenticatedRequest).authUser;\n}\n\n/**\n * Helper to get auth context from request.\n * Throws if not authenticated.\n */\nexport function getAuthContext(req: Request): { user: User; session: Session } {\n  const authReq = req as AuthenticatedRequest;\n  if (!authReq.authUser || !authReq.authSession) {\n    throw new Error(\"Request is not authenticated\");\n  }\n  return { user: authReq.authUser, session: authReq.authSession };\n}\n\n/**\n * Express adapter exports\n */\nexport const expressAdapter = {\n  createMiddleware: createExpressMiddleware,\n  /** @deprecated Use createMiddleware instead */\n  middleware,\n  isAuthenticated,\n  getAuthContext,\n};\n\n// Default export for convenience\nexport default expressAdapter;\n","// Core factory functions\nimport { createAuth, type HyleAuthConfig } from \"./lib/auth\";\nimport { createDb, type HyleDbConfig } from \"./lib/db\";\nimport * as schema from \"./lib/schema\";\n\n// Framework adapters (server-only)\nimport { createSvelteKitServer } from \"./server/sveltekit\";\nimport { createNextJsServer } from \"./server/nextjs\";\nimport { createNextJsBff, createSvelteKitBff } from \"./bff/index\";\nimport {\n    expressAdapter,\n    createExpressMiddleware,\n    middleware as expressMiddleware,\n    isAuthenticated,\n    getAuthContext,\n} from \"./server/express\";\n\n// Export types\nexport type {\n    SessionResult,\n    SessionData,\n    UserInfo,\n    Session,\n    User,\n} from \"./client/types\";\n\nexport type { BffClientConfig, RequestOptions } from \"./bff/types\";\n\nexport type {\n    AuthenticatedRequest,\n    MiddlewareOptions,\n} from \"./server/express\";\n\nexport type { HyleAuthConfig, HyleDbConfig };\n\n// Core exports - factory functions for creating db and auth\nexport { createDb, createAuth };\n\n// Schema exports\nexport { user, session, account, verification } from \"./lib/schema\";\nexport { schema };\n\n// Server adapters (factory functions)\nexport { createSvelteKitServer, createNextJsServer };\n\n// Express adapter\nexport { expressAdapter as express };\nexport { createExpressMiddleware, expressMiddleware, isAuthenticated, getAuthContext };\n\n// BFF exports\nexport { createNextJsBff, createSvelteKitBff };\n\n// Namespace exports\nconst bff = {\n    createNextJsBff,\n    createSvelteKitBff\n};\nexport { bff };\n\n// Default export\nconst hyle = {\n    createDb,\n    createAuth,\n    schema,\n    server: {\n        createSvelteKitServer,\n        createNextJsServer,\n        express: expressAdapter\n    },\n    bff\n};\n\nexport default hyle;"],"mappings":";;;;;;;AAAA,OAAO;AACP,SAAS,kBAAkB;AAC3B,SAAS,sBAAsB;;;ACF/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAAS,WAAW,WAAW;AAC/B,SAAS,aAAa,MAAM,SAAS,aAAa;AAE3C,IAAM,OAAO,YAAY,QAAQ;AAAA,EACtC,IAAI,KAAK,IAAI,EAAE,WAAW;AAAA,EAC1B,MAAM,KAAK,MAAM,EAAE,QAAQ;AAAA,EAC3B,OAAO,KAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,EACtC,eAAe,QAAQ,kBAAkB,EAAE,MAAM,UAAU,CAAC,EACzD,QAAQ,KAAK,EACb,QAAQ;AAAA,EACX,OAAO,KAAK,OAAO;AAAA,EACnB,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,QAAQ;AAAA,EACX,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AACb,CAAC;AAEM,IAAM,UAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,IAAI,KAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,OAAO,KAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,IACtC,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,QAAQ;AAAA,IACX,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,IACX,WAAW,KAAK,YAAY;AAAA,IAC5B,WAAW,KAAK,YAAY;AAAA,IAC5B,QAAQ,KAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,EACtD;AAAA,EACA,CAAC,UAAU,CAAC,MAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,UAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,IAAI,KAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,WAAW,KAAK,YAAY,EAAE,QAAQ;AAAA,IACtC,YAAY,KAAK,aAAa,EAAE,QAAQ;AAAA,IACxC,QAAQ,KAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IACpD,aAAa,KAAK,cAAc;AAAA,IAChC,cAAc,KAAK,eAAe;AAAA,IAClC,SAAS,KAAK,UAAU;AAAA,IACxB,sBAAsB,QAAQ,2BAA2B;AAAA,MACvD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,uBAAuB,QAAQ,4BAA4B;AAAA,MACzD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,OAAO,KAAK,OAAO;AAAA,IACnB,UAAU,KAAK,UAAU;AAAA,IACzB,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,QAAQ;AAAA,IACX,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,CAAC,MAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,eAAe;AAAA,EAC1B;AAAA,EACA;AAAA,IACE,IAAI,KAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,YAAY,KAAK,YAAY,EAAE,QAAQ;AAAA,IACvC,OAAO,KAAK,OAAO,EAAE,QAAQ;AAAA,IAC7B,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,QAAQ;AAAA,IACX,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,CAAC,MAAM,6BAA6B,EAAE,GAAG,MAAM,UAAU,CAAC;AACvE;AAEO,IAAM,gBAAgB,UAAU,MAAM,CAAC,EAAE,KAAK,OAAO;AAAA,EAC1D,UAAU,KAAK,OAAO;AAAA,EACtB,UAAU,KAAK,OAAO;AACxB,EAAE;AAEK,IAAM,mBAAmB,UAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;AAEK,IAAM,mBAAmB,UAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;;;ADpEF,SAAS,iBAAiB,YAA0B;AAChD,MAAI,OAAO,WAAW,aAAa;AAC/B,UAAM,IAAI;AAAA,MACN,8BAA8B,UAAU,yEAC3B,UAAU;AAAA,IAC3B;AAAA,EACJ;AACJ;AAkCO,SAAS,WAAW,IAAY,QAAwB;AAC3D,mBAAiB,YAAY;AAE7B,QAAM,gBAAgB;AAAA,IAClB,WAAW,OAAO,SAAS,aAAa,KAAK,KAAK,KAAK;AAAA;AAAA,IACvD,WAAW,OAAO,SAAS,aAAa,KAAK,KAAK;AAAA;AAAA,IAClD,aAAa;AAAA,MACT,SAAS,OAAO,SAAS,aAAa,WAAW;AAAA,MACjD,QAAQ,OAAO,SAAS,aAAa,UAAU,KAAK;AAAA;AAAA,IACxD;AAAA,EACJ;AAEA,SAAO,WAAW;AAAA,IACd,UAAU,eAAe,IAAI;AAAA,MACzB,UAAU;AAAA,MACV,QAAQ;AAAA,QACJ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,IACD,SAAS,OAAO;AAAA,IAChB,QAAQ,OAAO;AAAA,IACf,gBAAgB,OAAO;AAAA,IACvB,iBAAiB,OAAO,SAAS;AAAA,MAC7B,QAAQ;AAAA,QACJ,UAAU,OAAO,OAAO;AAAA,QACxB,cAAc,OAAO,OAAO;AAAA,MAChC;AAAA,IACJ,IAAI;AAAA,IACJ,SAAS;AAAA,EACb,CAAC;AACL;;;AE7GA,OAAO;AACP,SAAS,eAAe;AACxB,SAAS,oBAAoB;AAiB7B,SAASA,kBAAiB,YAA0B;AAChD,MAAI,OAAO,WAAW,aAAa;AAC/B,UAAM,IAAI;AAAA,MACN,8BAA8B,UAAU,yEAC3B,UAAU;AAAA,IAC3B;AAAA,EACJ;AACJ;AAqBO,SAAS,SAAS,QAAsB;AAC3C,EAAAA,kBAAiB,UAAU;AAE3B,QAAM,SAAS,aAAa;AAAA,IACxB,KAAK,OAAO;AAAA,IACZ,WAAW,OAAO;AAAA,EACtB,CAAC;AAED,SAAO,QAAQ,QAAQ,EAAE,uBAAO,CAAC;AACrC;;;ACxDA,OAAO;AACP,SAAS,0BAA0B;AA4B5B,SAAS,sBAAsB,MAAgB,IAAY;AAC9D,QAAM,UAAU,mBAAmB,IAAI;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACL,KAAK;AAAA,MACL,MAAM;AAAA,IACV;AAAA;AAAA;AAAA;AAAA,IAKA,cAAc,MAAc;AACxB,aAAO,OAAO,EAAE,OAAO,QAAQ,MAAM;AACjC,cAAMC,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS,MAAM,QAAQ;AAAA,QAC3B,CAAC;AAGD,QAAC,MAAM,OAAmC,UAAUA;AACpD,QAAC,MAAM,OAAmC,OAAOA,UAAS,QAAQ;AAElE,eAAO,QAAQ,KAAK;AAAA,MACxB;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA,IAKA,YAAY,OAAO,UAAgD;AAC/D,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS,MAAM,QAAQ;AAAA,MAC3B,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA,IAKA,iBAAiB,OAAO,UAA0C;AAC9D,YAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS,MAAM,QAAQ;AAAA,MAC3B,CAAC;AACD,aAAOA,aAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,OAAO,UAAwB,SAAkC;AACpE,cAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS,MAAM,QAAQ;AAAA,QAC3B,CAAC;AACD,YAAI,CAACA,UAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAMA,SAAQ,MAAM,SAASA,SAAQ,SAAS,IAAI,MAAM,GAAG,GAAG,IAAI;AAAA,MAClF;AAAA,IACJ;AAAA,EACJ;AACJ;;;ACrGA,OAAO;AACP,SAAS,uBAAuB;AAChC,SAAS,eAAe;AA2BjB,SAAS,mBAAmB,MAAgB,IAAY;AAC3D,QAAM,UAAU,gBAAgB,IAAI;AAEpC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACL,KAAK;AAAA,MACL,MAAM;AAAA,IACV;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,YAAY,YAAoC;AAC5C,YAAM,iBAAiB,MAAM,QAAQ;AACrC,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,OAAO,mBAAoD;AAC9E,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAiB,YAA8B;AAC3C,YAAM,iBAAiB,MAAM,QAAQ;AACrC,YAAMC,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAOA,aAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS,YAAY;AACjB,YAAM,iBAAiB,MAAM,QAAQ;AACrC,YAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAOA,UAAS,QAAQ;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,UAAU,SAAkC;AAC/C,cAAM,iBAAiB,MAAM,QAAQ;AACrC,cAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS;AAAA,QACb,CAAC;AACD,YAAI,CAACA,UAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAMA,SAAQ,MAAM,SAASA,SAAQ,SAAS,GAAG,GAAG,GAAG,IAAI;AAAA,MAC3E;AAAA,IACJ;AAAA,EACJ;AACJ;;;AC1GO,IAAM,gBAAN,MAAoB;AAAA,EACvB,YAAoB,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAE9C,MAAgB,QACZ,MACA,QACA,UAA0B,CAAC,GACjB;AACV,UAAM,MAAM,IAAI,IAAI,MAAM,KAAK,OAAO,OAAO;AAE7C,QAAI,QAAQ,OAAO;AACf,aAAO,QAAQ,QAAQ,KAAK,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,UAAU,QAAW;AACrB,cAAI,aAAa,OAAO,KAAK,OAAO,KAAK,CAAC;AAAA,QAC9C;AAAA,MACJ,CAAC;AAAA,IACL;AAEA,UAAMC,WAAU,IAAI,QAAQ,QAAQ,WAAW,CAAC,CAAC;AAGjD,QAAI,KAAK,OAAO,SAAS;AACrB,aAAO,QAAQ,KAAK,OAAO,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC1D,YAAI,CAACA,SAAQ,IAAI,GAAG,GAAG;AACnB,UAAAA,SAAQ,IAAI,KAAK,KAAK;AAAA,QAC1B;AAAA,MACJ,CAAC;AAAA,IACL;AAGA,QAAI,QAAQ,QAAQ,EAAE,QAAQ,gBAAgB,aAAa,CAACA,SAAQ,IAAI,cAAc,GAAG;AACrF,MAAAA,SAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAClD;AAEA,UAAM,WAAW,MAAM,MAAM,IAAI,SAAS,GAAG;AAAA,MACzC,GAAG;AAAA,MACH;AAAA,MACA,SAAAA;AAAA,IACJ,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AACd,YAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,IACnF;AAGA,UAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,QAAI,eAAe,YAAY,SAAS,kBAAkB,GAAG;AACzD,aAAO,SAAS,KAAK;AAAA,IACzB;AAEA,WAAO,SAAS,KAAK;AAAA,EACzB;AACJ;;;ACvDA,SAAS,WAAAC,gBAAe;AAQjB,IAAM,kBAAN,cAA8B,cAAc;AAAA,EAG/C,YAAY,MAAgB,QAAyB;AACjD,UAAM,MAAM;AACZ,SAAK,OAAO;AAAA,EAChB;AAAA,EAEA,MAAc,iBAAkD;AAC5D,QAAI;AACA,YAAM,iBAAiB,MAAMA,SAAQ;AACrC,YAAM,cAAc,MAAM,KAAK,KAAK,IAAI,WAAW;AAAA,QAC/C,SAAS;AAAA,MACb,CAAC;AAED,UAAI,CAAC,YAAa,QAAO,CAAC;AAE1B,aAAO;AAAA,QACH,eAAe,OAAO,KAAK,KAAK,UAAU,YAAY,IAAI,CAAC,EAAE,SAAS,QAAQ;AAAA,QAC9E,kBAAkB,OAAO,KAAK,KAAK,UAAU,YAAY,OAAO,CAAC,EAAE,SAAS,QAAQ;AAAA,MACxF;AAAA,IACJ,SAAS,GAAG;AAER,aAAO,CAAC;AAAA,IACZ;AAAA,EACJ;AAAA,EAEA,MAAM,IAAO,MAAc,SAAsC;AAC7D,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,OAAO;AAAA,MAChC,GAAG;AAAA,MACH,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,KAAQ,MAAc,MAAY,SAAsC;AAC1E,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,QAAQ;AAAA,MACjC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,IAAO,MAAc,MAAY,SAAsC;AACzE,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,OAAO;AAAA,MAChC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,MAAS,MAAc,MAAY,SAAsC;AAC3E,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,SAAS;AAAA,MAClC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,OAAU,MAAc,SAAsC;AAChE,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,UAAU;AAAA,MACnC,GAAG;AAAA,MACH,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AACJ;AAsBO,IAAM,kBAAkB,CAAC,MAAgB,oBAA8C;AAC1F,QAAM,SAAS,OAAO,oBAAoB,WACpC,EAAE,SAAS,gBAAgB,IAC3B;AACN,SAAO,IAAI,gBAAgB,MAAM,MAAM;AAC3C;;;ACrHO,IAAM,qBAAN,cAAiC,cAAc;AAAA,EAClD,YAAY,QAAyB;AACjC,UAAM,MAAM;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,OAAqB;AAGtB,UAAM,cAAe,MAAM,OAAe;AAC1C,QAAI,cAAsC,CAAC;AAE3C,QAAI,aAAa,QAAQ,aAAa,SAAS;AAC3C,oBAAc;AAAA,QACV,eAAe,OAAO,KAAK,KAAK,UAAU,YAAY,IAAI,CAAC,EAAE,SAAS,QAAQ;AAAA,QAC9E,kBAAkB,OAAO,KAAK,KAAK,UAAU,YAAY,OAAO,CAAC,EAAE,SAAS,QAAQ;AAAA,MACxF;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,KAAK,CAAI,MAAc,YACnB,KAAK,QAAW,MAAM,OAAO;AAAA,QACzB,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,MAAM,CAAI,MAAc,MAAY,YAChC,KAAK,QAAW,MAAM,QAAQ;AAAA,QAC1B,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,KAAK,CAAI,MAAc,MAAY,YAC/B,KAAK,QAAW,MAAM,OAAO;AAAA,QACzB,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,OAAO,CAAI,MAAc,MAAY,YACjC,KAAK,QAAW,MAAM,SAAS;AAAA,QAC3B,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,QAAQ,CAAI,MAAc,YACtB,KAAK,QAAW,MAAM,UAAU;AAAA,QAC5B,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,IACT;AAAA,EACJ;AACJ;AAEO,IAAM,qBAAqB,CAAC,oBAA8C;AAC7E,QAAM,SAAS,OAAO,oBAAoB,WACpC,EAAE,SAAS,gBAAgB,IAC3B;AACN,SAAO,IAAI,mBAAmB,MAAM;AACxC;;;ACjEA,SAAS,IAAI,KAAK,UAAU;AAwD5B,SAAS,uBAAuB,MAAc,UAA6B;AACzE,aAAW,WAAW,UAAU;AAC9B,QAAI,YAAY,KAAM,QAAO;AAG7B,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,SAAS,QAAQ,MAAM,GAAG,EAAE;AAClC,UAAI,SAAS,UAAU,KAAK,WAAW,SAAS,GAAG,GAAG;AACpD,eAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,QAAQ,IAAI;AAAA,QAChB,MAAM,QAAQ,QAAQ,SAAS,IAAI,EAAE,QAAQ,OAAO,OAAO,IAAI;AAAA,MACjE;AACA,UAAI,MAAM,KAAK,IAAI,EAAG,QAAO;AAAA,IAC/B;AAAA,EACF;AACA,SAAO;AACT;AAwBO,IAAM,0BAA0B,CAAC,OAAgB;AACtD,SAAO,CAAC,UAA6B,CAAC,MAAM;AAC1C,UAAM;AAAA,MACJ,wBAAwB,CAAC;AAAA,MACzB,gBAAgB;AAAA,MAChB,WAAW;AAAA,IACb,IAAI;AAEJ,QAAI,iBAAiB,CAAC,IAAI;AACxB,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,WAAO,OAAO,KAAc,KAAe,SAAuB;AAChE,YAAM,UAAU;AAGhB,UAAI,uBAAuB,IAAI,MAAM,qBAAqB,GAAG;AAC3D,eAAO,KAAK;AAAA,MACd;AAEA,UAAI;AACF,cAAM,aAAa,IAAI,QAAQ,aAAa;AAC5C,cAAM,gBAAgB,IAAI,QAAQ,gBAAgB;AAGlD,YAAI,CAAC,iBAAiB,OAAO,kBAAkB,UAAU;AACvD,cAAI,UAAU;AACZ,mBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,UACvD;AACA,iBAAO,KAAK;AAAA,QACd;AAEA,cAAM,cAAc,KAAK;AAAA,UACvB,OAAO,KAAK,eAAe,QAAQ,EAAE,SAAS,OAAO;AAAA,QACvD;AAGA,YAAI,iBAAiB,IAAI;AACvB,gBAAM,SAAS,MAAM,GAClB,OAAO;AAAA,YACN;AAAA,YACA;AAAA,UACF,CAAC,EACA,KAAK,OAAY,EACjB,UAAU,MAAW,GAAG,QAAa,QAAQ,KAAU,EAAE,CAAC,EAC1D;AAAA,YACC;AAAA,cACE,GAAG,QAAa,IAAI,YAAY,EAAE;AAAA,cAClC,GAAG,QAAa,WAAW,oBAAI,KAAK,CAAC;AAAA,YACvC;AAAA,UACF,EACC,MAAM,CAAC;AAEV,cAAI,OAAO,WAAW,GAAG;AACvB,gBAAI,UAAU;AACZ,qBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,YACrE;AACA,mBAAO,KAAK;AAAA,UACd;AAGA,kBAAQ,WAAW,OAAO,CAAC,EAAE;AAC7B,kBAAQ,cAAc,OAAO,CAAC,EAAE;AAGhC,kBAAQ,OAAO,QAAQ;AACvB,kBAAQ,UAAU,QAAQ;AAE1B,iBAAO,KAAK;AAAA,QACd;AAGA,YAAI;AAEJ,YAAI,cAAc,OAAO,eAAe,UAAU;AAChD,qBAAW,KAAK;AAAA,YACd,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,OAAO;AAAA,UACpD;AAAA,QACF;AAEA,YAAI,CAAC,YAAY,UAAU;AACzB,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,QACvD;AAEA,YAAI,UAAU;AAEZ,kBAAQ,WAAW;AACnB,kBAAQ,cAAc;AAGtB,kBAAQ,OAAO,QAAQ;AACvB,kBAAQ,UAAU,QAAQ;AAAA,QAC5B;AAEA,aAAK;AAAA,MACP,SAAS,OAAO;AACd,gBAAQ,MAAM,iCAAiC,KAAK;AACpD,YAAI,UAAU;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,wBAAwB,CAAC;AAAA,QAChE;AACA,aAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AACF;AAKO,IAAM,aAAa,wBAAwB;AAK3C,SAAS,gBAAgB,KAA2C;AACzE,SAAO,CAAC,CAAE,IAA6B;AACzC;AAMO,SAAS,eAAe,KAAgD;AAC7E,QAAM,UAAU;AAChB,MAAI,CAAC,QAAQ,YAAY,CAAC,QAAQ,aAAa;AAC7C,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACA,SAAO,EAAE,MAAM,QAAQ,UAAU,SAAS,QAAQ,YAAY;AAChE;AAKO,IAAM,iBAAiB;AAAA,EAC5B,kBAAkB;AAAA;AAAA,EAElB;AAAA,EACA;AAAA,EACA;AACF;;;ACjMA,IAAM,MAAM;AAAA,EACR;AAAA,EACA;AACJ;AAIA,IAAM,OAAO;AAAA,EACT;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,IACJ;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACb;AAAA,EACA;AACJ;AAEA,IAAO,cAAQ;","names":["assertServerOnly","session","session","headers","headers"]}
+{"version":3,"sources":["../src/lib/auth.ts","../src/lib/schema.ts","../src/lib/db.ts","../src/server/sveltekit.ts","../src/server/nextjs.ts","../src/bff/client.ts","../src/bff/nextjs.ts","../src/bff/sveltekit.ts","../src/server/express.ts","../src/index.ts"],"sourcesContent":["import \"server-only\";\nimport { betterAuth } from \"better-auth\";\nimport { drizzleAdapter } from \"better-auth/adapters/drizzle\";\nimport * as schema from \"./schema\";\n\n/**\n * Configuration for Hyle authentication.\n */\nexport interface HyleAuthConfig {\n    /** Base URL for the auth server (e.g., \"https://myapp.com\") */\n    baseURL: string;\n    /** Secret key for signing sessions and tokens */\n    secret: string;\n    /** List of trusted origins for CORS (optional) */\n    trustedOrigins?: string[];\n    /** Google OAuth configuration (optional) */\n    google?: {\n        clientId: string;\n        clientSecret: string;\n    };\n    /** Session configuration (optional, uses sensible defaults) */\n    session?: {\n        /** Session expiry in seconds (default: 7 days) */\n        expiresIn?: number;\n        /** Session update interval in seconds (default: 24 hours) */\n        updateAge?: number;\n        /** Cookie cache settings */\n        cookieCache?: {\n            enabled?: boolean;\n            maxAge?: number;\n        };\n    };\n}\n\n/**\n * Throws an error if called on the client side.\n * This prevents accidental exposure of secrets in browser bundles.\n */\nfunction assertServerOnly(configName: string): void {\n    if (typeof window !== 'undefined') {\n        throw new Error(\n            `[hylekit] SECURITY ERROR: \"${configName}\" contains secrets and must not be used on the client side. ` +\n            `Only call ${configName}() in server-side code (e.g., API routes, server components, +page.server.ts).`\n        );\n    }\n}\n\n// Type for the database created by createDb\ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle<typeof schema>>;\n\n/**\n * Creates a BetterAuth instance with the provided configuration.\n * \n * @param db - Database instance created by createDb()\n * @param config - Authentication configuration\n * @returns A BetterAuth instance\n * \n * @example\n * ```typescript\n * // In your server-side code (e.g., lib/auth.ts)\n * import { createDb, createAuth } from \"hylekit\";\n * \n * const db = createDb({\n *     url: process.env.HYLE_DATABASE_URL!,\n *     authToken: process.env.HYLE_DATABASE_AUTH_TOKEN,\n * });\n * \n * export const auth = createAuth(db, {\n *     baseURL: process.env.BETTER_AUTH_URL!,\n *     secret: process.env.BETTER_AUTH_SECRET!,\n *     google: {\n *         clientId: process.env.GOOGLE_CLIENT_ID!,\n *         clientSecret: process.env.GOOGLE_CLIENT_SECRET!,\n *     },\n * });\n * ```\n * \n * @throws Error if called on the client side\n */\nexport function createAuth(db: HyleDb, config: HyleAuthConfig) {\n    assertServerOnly('createAuth');\n\n    const sessionConfig = {\n        expiresIn: config.session?.expiresIn ?? 60 * 60 * 24 * 7, // 7 days\n        updateAge: config.session?.updateAge ?? 60 * 60 * 24, // 24 hours\n        cookieCache: {\n            enabled: config.session?.cookieCache?.enabled ?? true,\n            maxAge: config.session?.cookieCache?.maxAge ?? 60 * 5, // 5 minutes\n        },\n    };\n\n    return betterAuth({\n        database: drizzleAdapter(db, {\n            provider: \"sqlite\",\n            schema: {\n                ...schema\n            }\n        }),\n        baseURL: config.baseURL,\n        secret: config.secret,\n        trustedOrigins: config.trustedOrigins,\n        socialProviders: config.google ? {\n            google: {\n                clientId: config.google.clientId,\n                clientSecret: config.google.clientSecret,\n            },\n        } : undefined,\n        session: sessionConfig,\n    });\n}\n\nexport { schema };\n","import { relations, sql } from \"drizzle-orm\";\nimport { sqliteTable, text, integer, index } from \"drizzle-orm/sqlite-core\";\n\nexport const user = sqliteTable(\"user\", {\n  id: text(\"id\").primaryKey(),\n  name: text(\"name\").notNull(),\n  email: text(\"email\").notNull().unique(),\n  emailVerified: integer(\"email_verified\", { mode: \"boolean\" })\n    .default(false)\n    .notNull(),\n  image: text(\"image\"),\n  createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n    .notNull(),\n  updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n    .$onUpdate(() => /* @__PURE__ */ new Date())\n    .notNull(),\n});\n\nexport const session = sqliteTable(\n  \"session\",\n  {\n    id: text(\"id\").primaryKey(),\n    expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n    token: text(\"token\").notNull().unique(),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n    ipAddress: text(\"ip_address\"),\n    userAgent: text(\"user_agent\"),\n    userId: text(\"user_id\")\n      .notNull()\n      .references(() => user.id, { onDelete: \"cascade\" }),\n  },\n  (table) => [index(\"session_userId_idx\").on(table.userId)],\n);\n\nexport const account = sqliteTable(\n  \"account\",\n  {\n    id: text(\"id\").primaryKey(),\n    accountId: text(\"account_id\").notNull(),\n    providerId: text(\"provider_id\").notNull(),\n    userId: text(\"user_id\")\n      .notNull()\n      .references(() => user.id, { onDelete: \"cascade\" }),\n    accessToken: text(\"access_token\"),\n    refreshToken: text(\"refresh_token\"),\n    idToken: text(\"id_token\"),\n    accessTokenExpiresAt: integer(\"access_token_expires_at\", {\n      mode: \"timestamp_ms\",\n    }),\n    refreshTokenExpiresAt: integer(\"refresh_token_expires_at\", {\n      mode: \"timestamp_ms\",\n    }),\n    scope: text(\"scope\"),\n    password: text(\"password\"),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n  },\n  (table) => [index(\"account_userId_idx\").on(table.userId)],\n);\n\nexport const verification = sqliteTable(\n  \"verification\",\n  {\n    id: text(\"id\").primaryKey(),\n    identifier: text(\"identifier\").notNull(),\n    value: text(\"value\").notNull(),\n    expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n    createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .notNull(),\n    updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n      .$onUpdate(() => /* @__PURE__ */ new Date())\n      .notNull(),\n  },\n  (table) => [index(\"verification_identifier_idx\").on(table.identifier)],\n);\n\nexport const userRelations = relations(user, ({ many }) => ({\n  sessions: many(session),\n  accounts: many(account),\n}));\n\nexport const sessionRelations = relations(session, ({ one }) => ({\n  user: one(user, {\n    fields: [session.userId],\n    references: [user.id],\n  }),\n}));\n\nexport const accountRelations = relations(account, ({ one }) => ({\n  user: one(user, {\n    fields: [account.userId],\n    references: [user.id],\n  }),\n}));\n","import \"server-only\";\nimport { drizzle } from \"drizzle-orm/libsql\";\nimport { createClient } from \"@libsql/client\";\nimport * as schema from \"./schema\";\n\n/**\n * Configuration for the Hyle database connection.\n */\nexport interface HyleDbConfig {\n    /** Turso/LibSQL database URL */\n    url: string;\n    /** Authentication token for the database (required for remote Turso databases) */\n    authToken?: string;\n}\n\n/**\n * Throws an error if called on the client side.\n * This prevents accidental exposure of secrets in browser bundles.\n */\nfunction assertServerOnly(configName: string): void {\n    if (typeof window !== 'undefined') {\n        throw new Error(\n            `[hylekit] SECURITY ERROR: \"${configName}\" contains secrets and must not be used on the client side. ` +\n            `Only call ${configName}() in server-side code (e.g., API routes, server components, +page.server.ts).`\n        );\n    }\n}\n\n/**\n * Creates a database connection with the provided configuration.\n * \n * @param config - Database configuration\n * @returns A Drizzle database instance\n * \n * @example\n * ```typescript\n * // In your server-side code (e.g., lib/db.ts)\n * import { createDb } from \"hylekit\";\n * \n * export const db = createDb({\n *     url: process.env.HYLE_DATABASE_URL!,\n *     authToken: process.env.HYLE_DATABASE_AUTH_TOKEN,\n * });\n * ```\n * \n * @throws Error if called on the client side\n */\nexport function createDb(config: HyleDbConfig) {\n    assertServerOnly('createDb');\n\n    const client = createClient({\n        url: config.url,\n        authToken: config.authToken,\n    });\n\n    return drizzle(client, { schema });\n}\n\nexport { schema };\n","import \"server-only\";\nimport { toSvelteKitHandler } from \"better-auth/svelte-kit\";\nimport type { Handle, RequestEvent } from \"@sveltejs/kit\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates SvelteKit server-side auth utilities.\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for SvelteKit\n * \n * @example\n * ```typescript\n * // In src/lib/server/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createSvelteKitServer } from \"hylekit/sveltekit\";\n * \n * const db = createDb({ url: env.HYLE_DATABASE_URL, authToken: env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: env.PUBLIC_APP_URL, secret: env.BETTER_AUTH_SECRET, ... });\n * \n * export const { handler, getSession, isAuthenticated, createHandle, makeAuthenticatedCall } = createSvelteKitServer(auth, db);\n * ```\n */\nexport function createSvelteKitServer(auth: HyleAuth, db: HyleDb) {\n    const handler = toSvelteKitHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * SvelteKit request handler for auth routes.\n         * Place this in `src/routes/api/auth/[...auth]/+server.ts`\n         */\n        handler: {\n            GET: handler,\n            POST: handler,\n        },\n\n        /**\n         * Creates a SvelteKit handle hook for session management.\n         */\n        createHandle: (): Handle => {\n            return async ({ event, resolve }) => {\n                const session = await auth.api.getSession({\n                    headers: event.request.headers,\n                });\n\n                // Set on locals - consumer must extend App.Locals type\n                (event.locals as Record<string, unknown>).session = session;\n                (event.locals as Record<string, unknown>).user = session?.user ?? null;\n\n                return resolve(event);\n            };\n        },\n\n        /**\n         * Get session from request event.\n         */\n        getSession: async (event: RequestEvent): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: event.request.headers,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         */\n        isAuthenticated: async (event: RequestEvent): Promise<boolean> => {\n            const session = await auth.api.getSession({\n                headers: event.request.headers,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db; event: RequestEvent }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (event: RequestEvent, ...args: TArgs): Promise<TReturn> => {\n                const session = await auth.api.getSession({\n                    headers: event.request.headers,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db, event }, ...args);\n            }\n        }\n    };\n}\n","import \"server-only\";\nimport { toNextJsHandler } from \"better-auth/next-js\";\nimport { headers } from \"next/headers\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates Next.js server-side auth utilities (App Router).\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for Next.js\n * \n * @example\n * ```typescript\n * // In lib/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createNextJsServer } from \"hylekit/nextjs\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: process.env.BETTER_AUTH_URL!, secret: process.env.BETTER_AUTH_SECRET!, ... });\n * \n * export const { handler, getSession, isAuthenticated, getUser, makeAuthenticatedCall } = createNextJsServer(auth, db);\n * ```\n */\nexport function createNextJsServer(auth: HyleAuth, db: HyleDb) {\n    // toNextJsHandler already returns { GET, POST }\n    const handler = toNextJsHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * Next.js route handler for auth routes.\n         * Place this in `app/api/auth/[...auth]/route.ts`\n         */\n        handler,\n\n        /**\n         * Get session from current request headers.\n         * Use in Server Components or Route Handlers.\n         */\n        getSession: async (): Promise<SessionResult> => {\n            const requestHeaders = await headers();\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Get session from specific headers.\n         * Use when you have direct access to headers.\n         */\n        getSessionFromHeaders: async (requestHeaders: Headers): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         * Use in Server Components.\n         */\n        isAuthenticated: async (): Promise<boolean> => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Get the current user or null.\n         * Convenience method for Server Components.\n         */\n        getUser: async () => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session?.user ?? null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (...args: TArgs): Promise<TReturn> => {\n                const requestHeaders = await headers();\n                const session = await auth.api.getSession({\n                    headers: requestHeaders,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db }, ...args);\n            }\n        }\n    };\n}\n","import type { BffClientConfig, FetchMethod, RequestOptions } from \"./types\";\n\n/**\n * Base client logic.\n */\nexport class BffClientBase {\n    constructor(private config: BffClientConfig) {}\n\n    protected async request<T>(\n        path: string,\n        method: FetchMethod,\n        options: RequestOptions = {}\n    ): Promise<T> {\n        const url = new URL(path, this.config.baseUrl);\n        \n        if (options.query) {\n            Object.entries(options.query).forEach(([key, value]) => {\n                if (value !== undefined) {\n                    url.searchParams.append(key, String(value));\n                }\n            });\n        }\n\n        const headers = new Headers(options.headers || {});\n        \n        // Add default headers\n        if (this.config.headers) {\n            Object.entries(this.config.headers).forEach(([key, value]) => {\n                if (!headers.has(key)) {\n                    headers.set(key, value);\n                }\n            });\n        }\n\n        // Set Content-Type if body is present and not FormData\n        if (options.body && !(options.body instanceof FormData) && !headers.has(\"Content-Type\")) {\n            headers.set(\"Content-Type\", \"application/json\");\n        }\n\n        const response = await fetch(url.toString(), {\n            ...options,\n            method,\n            headers,\n        });\n\n        if (!response.ok) {\n            throw new Error(`BFF Request Failed: ${response.status} ${response.statusText}`);\n        }\n\n        // Retrieve the Content-Type header to check if the response is JSON\n        const contentType = response.headers.get(\"content-type\");\n        if (contentType && contentType.includes(\"application/json\")) {\n            return response.json() as Promise<T>;\n        }\n        \n        return response.text() as unknown as Promise<T>;\n    }\n}\n","import { BffClientBase } from \"./client\";\nimport type { BffClientConfig, RequestOptions } from \"./types\";\nimport { headers } from \"next/headers\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n\n/**\n * Next.js BFF Client that requires an auth instance.\n */\nexport class NextJsBffClient extends BffClientBase {\n    private auth: HyleAuth;\n\n    constructor(auth: HyleAuth, config: BffClientConfig) {\n        super(config);\n        this.auth = auth;\n    }\n\n    private async getAuthHeaders(): Promise<Record<string, string>> {\n        try {\n            const requestHeaders = await headers();\n            const sessionData = await this.auth.api.getSession({\n                headers: requestHeaders\n            });\n\n            if (!sessionData) return {};\n\n            return {\n                \"x-hyle-user\": Buffer.from(JSON.stringify(sessionData.user)).toString(\"base64\"),\n                \"x-hyle-session\": Buffer.from(JSON.stringify(sessionData.session)).toString(\"base64\")\n            };\n        } catch (e) {\n            // Context where headers() is not available (e.g. static generation)\n            return {};\n        }\n    }\n\n    async get<T>(path: string, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"GET\", {\n            ...options,\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async post<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"POST\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async put<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"PUT\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async patch<T>(path: string, body?: any, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"PATCH\", {\n            ...options,\n            body: JSON.stringify(body),\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n\n    async delete<T>(path: string, options?: RequestOptions): Promise<T> {\n        const authHeaders = await this.getAuthHeaders();\n        return this.request<T>(path, \"DELETE\", {\n            ...options,\n            headers: {\n                ...options?.headers,\n                ...authHeaders\n            }\n        });\n    }\n}\n\n/**\n * Creates a Next.js BFF client for making authenticated requests to your Express API.\n * \n * @param auth - Auth instance created by createAuth()\n * @param baseUrlOrConfig - Base URL string or full config object\n * \n * @example\n * ```typescript\n * // In lib/bff.ts\n * import { createDb, createAuth, createNextJsBff } from \"hylekit\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { ... });\n * \n * export const bff = createNextJsBff(auth, process.env.EXPRESS_API_URL!);\n * \n * // Usage in server components\n * const data = await bff.get(\"/api/data\");\n * ```\n */\nexport const createNextJsBff = (auth: HyleAuth, baseUrlOrConfig: string | BffClientConfig) => {\n    const config = typeof baseUrlOrConfig === \"string\"\n        ? { baseUrl: baseUrlOrConfig }\n        : baseUrlOrConfig;\n    return new NextJsBffClient(auth, config);\n};\n","import { BffClientBase } from \"./client\";\nimport type { BffClientConfig, RequestOptions } from \"./types\";\nimport type { RequestEvent } from \"@sveltejs/kit\";\n\nexport class SvelteKitBffClient extends BffClientBase {\n    constructor(config: BffClientConfig) {\n        super(config);\n    }\n\n    /**\n     * Creates a request context bound to a specific SvelteKit event.\n     * This is necessary because SvelteKit doesn't have global request storage.\n     */\n    with(event: RequestEvent) {\n        // Extract token from locals if available (set by our handle hook)\n        // or try to get it from session.\n        const sessionData = (event.locals as any).session;\n        let authHeaders: Record<string, string> = {};\n\n        if (sessionData?.user && sessionData?.session) {\n            authHeaders = {\n                \"x-hyle-user\": Buffer.from(JSON.stringify(sessionData.user)).toString(\"base64\"),\n                \"x-hyle-session\": Buffer.from(JSON.stringify(sessionData.session)).toString(\"base64\")\n            };\n        }\n\n        return {\n            get: <T>(path: string, options?: RequestOptions) => \n                this.request<T>(path, \"GET\", {\n                    ...options,\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n            \n            post: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"POST\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            put: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"PUT\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            patch: <T>(path: string, body?: any, options?: RequestOptions) => \n                this.request<T>(path, \"PATCH\", { \n                    ...options, \n                    body: JSON.stringify(body),\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n\n            delete: <T>(path: string, options?: RequestOptions) => \n                this.request<T>(path, \"DELETE\", {\n                    ...options,\n                    headers: { ...options?.headers, ...authHeaders }\n                }),\n        };\n    }\n}\n\nexport const createSvelteKitBff = (baseUrlOrConfig: string | BffClientConfig) => {\n    const config = typeof baseUrlOrConfig === \"string\" \n        ? { baseUrl: baseUrlOrConfig } \n        : baseUrlOrConfig;\n    return new SvelteKitBffClient(config);\n};\n","import type { Request, Response, NextFunction } from \"express\";\nimport type { Session, User } from \"better-auth\";\nimport { session as sessionTable, user as userTable } from \"../lib/schema\";\nimport { eq, and, gt } from \"drizzle-orm\";\n\n/**\n * Extended Request with authenticated user context.\n */\nexport interface AuthenticatedRequest extends Request {\n  /**\n   * The authenticated user. Available on all authenticated routes.\n   */\n  authUser: User;\n\n  /**\n   * The current session. Available on all authenticated routes.\n   */\n  authSession: Session;\n\n  /**\n   * @deprecated Use authUser instead\n   */\n  user?: User;\n\n  /**\n   * @deprecated Use authSession instead\n   */\n  session?: Session;\n}\n\nexport interface MiddlewareOptions {\n  /**\n   * Routes that don't require authentication.\n   * Supports exact paths and patterns with wildcards.\n   * @example [\"/health\", \"/public/*\", \"/api/webhooks/*\"]\n   */\n  unauthenticatedRoutes?: string[];\n\n  /**\n   * If true, verify session against the database.\n   * Use for service-to-service calls where headers can't be implicitly trusted.\n   * @default false\n   */\n  verifySession?: boolean;\n\n  /**\n   * Whether to require authentication for non-unauthenticated routes.\n   * Returns 401 on missing/invalid session.\n   * @default true\n   */\n  required?: boolean;\n}\n\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Check if a path matches any of the unauthenticated route patterns.\n */\nfunction isUnauthenticatedRoute(path: string, patterns: string[]): boolean {\n  for (const pattern of patterns) {\n    if (pattern === path) return true;\n\n    // Handle wildcard patterns like \"/public/*\"\n    if (pattern.endsWith(\"/*\")) {\n      const prefix = pattern.slice(0, -2);\n      if (path === prefix || path.startsWith(prefix + \"/\")) {\n        return true;\n      }\n    }\n\n    // Handle double wildcard patterns like \"/api/**/health\"\n    if (pattern.includes(\"**\")) {\n      const regex = new RegExp(\n        \"^\" + pattern.replace(/\\*\\*/g, \".*\").replace(/\\*/g, \"[^/]*\") + \"$\"\n      );\n      if (regex.test(path)) return true;\n    }\n  }\n  return false;\n}\n\n/**\n * Creates Express middleware for session verification.\n * \n * @param db - Database instance created by createDb() (optional, required if using verifySession)\n * \n * @example\n * // Basic usage - trust headers from BFF (no db needed)\n * app.use(createExpressMiddleware()());\n * \n * @example\n * // With DB verification for service-to-service calls\n * import { createDb } from \"hylekit\";\n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * app.use(createExpressMiddleware(db)({ verifySession: true }));\n * \n * @example\n * // With unauthenticated routes\n * app.use(createExpressMiddleware(db)({\n *   unauthenticatedRoutes: [\"/health\", \"/public/*\", \"/api/webhooks/*\"],\n *   verifySession: true\n * }));\n */\nexport const createExpressMiddleware = (db?: HyleDb) => {\n  return (options: MiddlewareOptions = {}) => {\n    const {\n      unauthenticatedRoutes = [],\n      verifySession = false,\n      required = true\n    } = options;\n\n    if (verifySession && !db) {\n      throw new Error(\n        \"[hylekit] CONFIGURATION ERROR: verifySession requires a database instance. \" +\n        \"Pass a db instance to createExpressMiddleware(db).\"\n      );\n    }\n\n    return async (req: Request, res: Response, next: NextFunction) => {\n      const authReq = req as AuthenticatedRequest;\n\n      // Check if route is unauthenticated\n      if (isUnauthenticatedRoute(req.path, unauthenticatedRoutes)) {\n        return next();\n      }\n\n      try {\n        const userHeader = req.headers[\"x-hyle-user\"];\n        const sessionHeader = req.headers[\"x-hyle-session\"];\n\n        // No session header provided\n        if (!sessionHeader || typeof sessionHeader !== \"string\") {\n          if (required) {\n            return res.status(401).json({ error: \"Unauthorized\" });\n          }\n          return next();\n        }\n\n        const sessionData = JSON.parse(\n          Buffer.from(sessionHeader, \"base64\").toString(\"utf-8\")\n        );\n\n        // Verify session against DB if required\n        if (verifySession && db) {\n          const result = await db\n            .select({\n              session: sessionTable,\n              user: userTable,\n            })\n            .from(sessionTable)\n            .innerJoin(userTable, eq(sessionTable.userId, userTable.id))\n            .where(\n              and(\n                eq(sessionTable.id, sessionData.id),\n                gt(sessionTable.expiresAt, new Date())\n              )\n            )\n            .limit(1);\n\n          if (result.length === 0) {\n            if (required) {\n              return res.status(401).json({ error: \"Invalid or expired session\" });\n            }\n            return next();\n          }\n\n          // Inject auth context\n          authReq.authUser = result[0].user as User;\n          authReq.authSession = result[0].session as Session;\n\n          // Keep deprecated properties for backwards compatibility\n          authReq.user = authReq.authUser;\n          authReq.session = authReq.authSession;\n\n          return next();\n        }\n\n        // Trust headers mode (for internal BFF calls)\n        let userData: User | undefined;\n\n        if (userHeader && typeof userHeader === \"string\") {\n          userData = JSON.parse(\n            Buffer.from(userHeader, \"base64\").toString(\"utf-8\")\n          );\n        }\n\n        if (!userData && required) {\n          return res.status(401).json({ error: \"Unauthorized\" });\n        }\n\n        if (userData) {\n          // Inject auth context\n          authReq.authUser = userData;\n          authReq.authSession = sessionData as Session;\n\n          // Keep deprecated properties for backwards compatibility\n          authReq.user = authReq.authUser;\n          authReq.session = authReq.authSession;\n        }\n\n        next();\n      } catch (error) {\n        console.error(\"[hyle] Auth middleware error:\", error);\n        if (required) {\n          return res.status(401).json({ error: \"Authentication failed\" });\n        }\n        next();\n      }\n    };\n  };\n};\n\n/**\n * @deprecated Use createExpressMiddleware(db) instead. This export will be removed in a future version.\n */\nexport const middleware = createExpressMiddleware();\n\n/**\n * Type guard to check if request is authenticated.\n */\nexport function isAuthenticated(req: Request): req is AuthenticatedRequest {\n  return !!(req as AuthenticatedRequest).authUser;\n}\n\n/**\n * Helper to get auth context from request.\n * Throws if not authenticated.\n */\nexport function getAuthContext(req: Request): { user: User; session: Session } {\n  const authReq = req as AuthenticatedRequest;\n  if (!authReq.authUser || !authReq.authSession) {\n    throw new Error(\"Request is not authenticated\");\n  }\n  return { user: authReq.authUser, session: authReq.authSession };\n}\n\n/**\n * Express adapter exports\n */\nexport const expressAdapter = {\n  createMiddleware: createExpressMiddleware,\n  /** @deprecated Use createMiddleware instead */\n  middleware,\n  isAuthenticated,\n  getAuthContext,\n};\n\n// Default export for convenience\nexport default expressAdapter;\n","// Core factory functions\nimport { createAuth, type HyleAuthConfig } from \"./lib/auth\";\nimport { createDb, type HyleDbConfig } from \"./lib/db\";\nimport * as schema from \"./lib/schema\";\n\n// Framework adapters (server-only)\nimport { createSvelteKitServer } from \"./server/sveltekit\";\nimport { createNextJsServer } from \"./server/nextjs\";\nimport { createNextJsBff, createSvelteKitBff } from \"./bff/index\";\nimport {\n    expressAdapter,\n    createExpressMiddleware,\n    middleware as expressMiddleware,\n    isAuthenticated,\n    getAuthContext,\n} from \"./server/express\";\n\n// Export types\nexport type {\n    SessionResult,\n    SessionData,\n    UserInfo,\n    Session,\n    User,\n} from \"./client/types\";\n\nexport type { BffClientConfig, RequestOptions } from \"./bff/types\";\n\nexport type {\n    AuthenticatedRequest,\n    MiddlewareOptions,\n} from \"./server/express\";\n\nexport type { HyleAuthConfig, HyleDbConfig };\n\n// Core exports - factory functions for creating db and auth\nexport { createDb, createAuth };\n\n// Schema exports\nexport { user, session, account, verification } from \"./lib/schema\";\nexport { schema };\n\n// Server adapters (factory functions)\nexport { createSvelteKitServer, createNextJsServer };\n\n// Express adapter\nexport { expressAdapter as express };\nexport { createExpressMiddleware, expressMiddleware, isAuthenticated, getAuthContext };\n\n// BFF exports\nexport { createNextJsBff, createSvelteKitBff };\n\n// Namespace exports\nconst bff = {\n    createNextJsBff,\n    createSvelteKitBff\n};\nexport { bff };\n\n// Default export\nconst hyle = {\n    createDb,\n    createAuth,\n    schema,\n    server: {\n        createSvelteKitServer,\n        createNextJsServer,\n        express: expressAdapter\n    },\n    bff\n};\n\nexport default hyle;"],"mappings":";;;;;;;AAAA,OAAO;AACP,SAAS,kBAAkB;AAC3B,SAAS,sBAAsB;;;ACF/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAAS,WAAW,WAAW;AAC/B,SAAS,aAAa,MAAM,SAAS,aAAa;AAE3C,IAAM,OAAO,YAAY,QAAQ;AAAA,EACtC,IAAI,KAAK,IAAI,EAAE,WAAW;AAAA,EAC1B,MAAM,KAAK,MAAM,EAAE,QAAQ;AAAA,EAC3B,OAAO,KAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,EACtC,eAAe,QAAQ,kBAAkB,EAAE,MAAM,UAAU,CAAC,EACzD,QAAQ,KAAK,EACb,QAAQ;AAAA,EACX,OAAO,KAAK,OAAO;AAAA,EACnB,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,QAAQ;AAAA,EACX,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AACb,CAAC;AAEM,IAAM,UAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,IAAI,KAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,OAAO,KAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,IACtC,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,QAAQ;AAAA,IACX,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,IACX,WAAW,KAAK,YAAY;AAAA,IAC5B,WAAW,KAAK,YAAY;AAAA,IAC5B,QAAQ,KAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,EACtD;AAAA,EACA,CAAC,UAAU,CAAC,MAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,UAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,IAAI,KAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,WAAW,KAAK,YAAY,EAAE,QAAQ;AAAA,IACtC,YAAY,KAAK,aAAa,EAAE,QAAQ;AAAA,IACxC,QAAQ,KAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IACpD,aAAa,KAAK,cAAc;AAAA,IAChC,cAAc,KAAK,eAAe;AAAA,IAClC,SAAS,KAAK,UAAU;AAAA,IACxB,sBAAsB,QAAQ,2BAA2B;AAAA,MACvD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,uBAAuB,QAAQ,4BAA4B;AAAA,MACzD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,OAAO,KAAK,OAAO;AAAA,IACnB,UAAU,KAAK,UAAU;AAAA,IACzB,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,QAAQ;AAAA,IACX,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,CAAC,MAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,eAAe;AAAA,EAC1B;AAAA,EACA;AAAA,IACE,IAAI,KAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,YAAY,KAAK,YAAY,EAAE,QAAQ;AAAA,IACvC,OAAO,KAAK,OAAO,EAAE,QAAQ;AAAA,IAC7B,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,QAAQ;AAAA,IACX,WAAW,QAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,qDAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,CAAC,MAAM,6BAA6B,EAAE,GAAG,MAAM,UAAU,CAAC;AACvE;AAEO,IAAM,gBAAgB,UAAU,MAAM,CAAC,EAAE,KAAK,OAAO;AAAA,EAC1D,UAAU,KAAK,OAAO;AAAA,EACtB,UAAU,KAAK,OAAO;AACxB,EAAE;AAEK,IAAM,mBAAmB,UAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;AAEK,IAAM,mBAAmB,UAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;;;ADpEF,SAAS,iBAAiB,YAA0B;AAChD,MAAI,OAAO,WAAW,aAAa;AAC/B,UAAM,IAAI;AAAA,MACN,8BAA8B,UAAU,yEAC3B,UAAU;AAAA,IAC3B;AAAA,EACJ;AACJ;AAkCO,SAAS,WAAW,IAAY,QAAwB;AAC3D,mBAAiB,YAAY;AAE7B,QAAM,gBAAgB;AAAA,IAClB,WAAW,OAAO,SAAS,aAAa,KAAK,KAAK,KAAK;AAAA;AAAA,IACvD,WAAW,OAAO,SAAS,aAAa,KAAK,KAAK;AAAA;AAAA,IAClD,aAAa;AAAA,MACT,SAAS,OAAO,SAAS,aAAa,WAAW;AAAA,MACjD,QAAQ,OAAO,SAAS,aAAa,UAAU,KAAK;AAAA;AAAA,IACxD;AAAA,EACJ;AAEA,SAAO,WAAW;AAAA,IACd,UAAU,eAAe,IAAI;AAAA,MACzB,UAAU;AAAA,MACV,QAAQ;AAAA,QACJ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,IACD,SAAS,OAAO;AAAA,IAChB,QAAQ,OAAO;AAAA,IACf,gBAAgB,OAAO;AAAA,IACvB,iBAAiB,OAAO,SAAS;AAAA,MAC7B,QAAQ;AAAA,QACJ,UAAU,OAAO,OAAO;AAAA,QACxB,cAAc,OAAO,OAAO;AAAA,MAChC;AAAA,IACJ,IAAI;AAAA,IACJ,SAAS;AAAA,EACb,CAAC;AACL;;;AE7GA,OAAO;AACP,SAAS,eAAe;AACxB,SAAS,oBAAoB;AAiB7B,SAASA,kBAAiB,YAA0B;AAChD,MAAI,OAAO,WAAW,aAAa;AAC/B,UAAM,IAAI;AAAA,MACN,8BAA8B,UAAU,yEAC3B,UAAU;AAAA,IAC3B;AAAA,EACJ;AACJ;AAqBO,SAAS,SAAS,QAAsB;AAC3C,EAAAA,kBAAiB,UAAU;AAE3B,QAAM,SAAS,aAAa;AAAA,IACxB,KAAK,OAAO;AAAA,IACZ,WAAW,OAAO;AAAA,EACtB,CAAC;AAED,SAAO,QAAQ,QAAQ,EAAE,uBAAO,CAAC;AACrC;;;ACxDA,OAAO;AACP,SAAS,0BAA0B;AA4B5B,SAAS,sBAAsB,MAAgB,IAAY;AAC9D,QAAM,UAAU,mBAAmB,IAAI;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACL,KAAK;AAAA,MACL,MAAM;AAAA,IACV;AAAA;AAAA;AAAA;AAAA,IAKA,cAAc,MAAc;AACxB,aAAO,OAAO,EAAE,OAAO,QAAQ,MAAM;AACjC,cAAMC,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS,MAAM,QAAQ;AAAA,QAC3B,CAAC;AAGD,QAAC,MAAM,OAAmC,UAAUA;AACpD,QAAC,MAAM,OAAmC,OAAOA,UAAS,QAAQ;AAElE,eAAO,QAAQ,KAAK;AAAA,MACxB;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA,IAKA,YAAY,OAAO,UAAgD;AAC/D,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS,MAAM,QAAQ;AAAA,MAC3B,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA,IAKA,iBAAiB,OAAO,UAA0C;AAC9D,YAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS,MAAM,QAAQ;AAAA,MAC3B,CAAC;AACD,aAAOA,aAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,OAAO,UAAwB,SAAkC;AACpE,cAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS,MAAM,QAAQ;AAAA,QAC3B,CAAC;AACD,YAAI,CAACA,UAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAMA,SAAQ,MAAM,SAASA,SAAQ,SAAS,IAAI,MAAM,GAAG,GAAG,IAAI;AAAA,MAClF;AAAA,IACJ;AAAA,EACJ;AACJ;;;ACrGA,OAAO;AACP,SAAS,uBAAuB;AAChC,SAAS,eAAe;AA2BjB,SAAS,mBAAmB,MAAgB,IAAY;AAE3D,QAAM,UAAU,gBAAgB,IAAI;AAEpC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,YAAY,YAAoC;AAC5C,YAAM,iBAAiB,MAAM,QAAQ;AACrC,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,OAAO,mBAAoD;AAC9E,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAiB,YAA8B;AAC3C,YAAM,iBAAiB,MAAM,QAAQ;AACrC,YAAMC,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAOA,aAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS,YAAY;AACjB,YAAM,iBAAiB,MAAM,QAAQ;AACrC,YAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAOA,UAAS,QAAQ;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,UAAU,SAAkC;AAC/C,cAAM,iBAAiB,MAAM,QAAQ;AACrC,cAAMA,WAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS;AAAA,QACb,CAAC;AACD,YAAI,CAACA,UAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAMA,SAAQ,MAAM,SAASA,SAAQ,SAAS,GAAG,GAAG,GAAG,IAAI;AAAA,MAC3E;AAAA,IACJ;AAAA,EACJ;AACJ;;;ACxGO,IAAM,gBAAN,MAAoB;AAAA,EACvB,YAAoB,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAE9C,MAAgB,QACZ,MACA,QACA,UAA0B,CAAC,GACjB;AACV,UAAM,MAAM,IAAI,IAAI,MAAM,KAAK,OAAO,OAAO;AAE7C,QAAI,QAAQ,OAAO;AACf,aAAO,QAAQ,QAAQ,KAAK,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,UAAU,QAAW;AACrB,cAAI,aAAa,OAAO,KAAK,OAAO,KAAK,CAAC;AAAA,QAC9C;AAAA,MACJ,CAAC;AAAA,IACL;AAEA,UAAMC,WAAU,IAAI,QAAQ,QAAQ,WAAW,CAAC,CAAC;AAGjD,QAAI,KAAK,OAAO,SAAS;AACrB,aAAO,QAAQ,KAAK,OAAO,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC1D,YAAI,CAACA,SAAQ,IAAI,GAAG,GAAG;AACnB,UAAAA,SAAQ,IAAI,KAAK,KAAK;AAAA,QAC1B;AAAA,MACJ,CAAC;AAAA,IACL;AAGA,QAAI,QAAQ,QAAQ,EAAE,QAAQ,gBAAgB,aAAa,CAACA,SAAQ,IAAI,cAAc,GAAG;AACrF,MAAAA,SAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAClD;AAEA,UAAM,WAAW,MAAM,MAAM,IAAI,SAAS,GAAG;AAAA,MACzC,GAAG;AAAA,MACH;AAAA,MACA,SAAAA;AAAA,IACJ,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AACd,YAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,IACnF;AAGA,UAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,QAAI,eAAe,YAAY,SAAS,kBAAkB,GAAG;AACzD,aAAO,SAAS,KAAK;AAAA,IACzB;AAEA,WAAO,SAAS,KAAK;AAAA,EACzB;AACJ;;;ACvDA,SAAS,WAAAC,gBAAe;AAQjB,IAAM,kBAAN,cAA8B,cAAc;AAAA,EAG/C,YAAY,MAAgB,QAAyB;AACjD,UAAM,MAAM;AACZ,SAAK,OAAO;AAAA,EAChB;AAAA,EAEA,MAAc,iBAAkD;AAC5D,QAAI;AACA,YAAM,iBAAiB,MAAMA,SAAQ;AACrC,YAAM,cAAc,MAAM,KAAK,KAAK,IAAI,WAAW;AAAA,QAC/C,SAAS;AAAA,MACb,CAAC;AAED,UAAI,CAAC,YAAa,QAAO,CAAC;AAE1B,aAAO;AAAA,QACH,eAAe,OAAO,KAAK,KAAK,UAAU,YAAY,IAAI,CAAC,EAAE,SAAS,QAAQ;AAAA,QAC9E,kBAAkB,OAAO,KAAK,KAAK,UAAU,YAAY,OAAO,CAAC,EAAE,SAAS,QAAQ;AAAA,MACxF;AAAA,IACJ,SAAS,GAAG;AAER,aAAO,CAAC;AAAA,IACZ;AAAA,EACJ;AAAA,EAEA,MAAM,IAAO,MAAc,SAAsC;AAC7D,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,OAAO;AAAA,MAChC,GAAG;AAAA,MACH,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,KAAQ,MAAc,MAAY,SAAsC;AAC1E,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,QAAQ;AAAA,MACjC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,IAAO,MAAc,MAAY,SAAsC;AACzE,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,OAAO;AAAA,MAChC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,MAAS,MAAc,MAAY,SAAsC;AAC3E,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,SAAS;AAAA,MAClC,GAAG;AAAA,MACH,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,OAAU,MAAc,SAAsC;AAChE,UAAM,cAAc,MAAM,KAAK,eAAe;AAC9C,WAAO,KAAK,QAAW,MAAM,UAAU;AAAA,MACnC,GAAG;AAAA,MACH,SAAS;AAAA,QACL,GAAG,SAAS;AAAA,QACZ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,EACL;AACJ;AAsBO,IAAM,kBAAkB,CAAC,MAAgB,oBAA8C;AAC1F,QAAM,SAAS,OAAO,oBAAoB,WACpC,EAAE,SAAS,gBAAgB,IAC3B;AACN,SAAO,IAAI,gBAAgB,MAAM,MAAM;AAC3C;;;ACrHO,IAAM,qBAAN,cAAiC,cAAc;AAAA,EAClD,YAAY,QAAyB;AACjC,UAAM,MAAM;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,OAAqB;AAGtB,UAAM,cAAe,MAAM,OAAe;AAC1C,QAAI,cAAsC,CAAC;AAE3C,QAAI,aAAa,QAAQ,aAAa,SAAS;AAC3C,oBAAc;AAAA,QACV,eAAe,OAAO,KAAK,KAAK,UAAU,YAAY,IAAI,CAAC,EAAE,SAAS,QAAQ;AAAA,QAC9E,kBAAkB,OAAO,KAAK,KAAK,UAAU,YAAY,OAAO,CAAC,EAAE,SAAS,QAAQ;AAAA,MACxF;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,KAAK,CAAI,MAAc,YACnB,KAAK,QAAW,MAAM,OAAO;AAAA,QACzB,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,MAAM,CAAI,MAAc,MAAY,YAChC,KAAK,QAAW,MAAM,QAAQ;AAAA,QAC1B,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,KAAK,CAAI,MAAc,MAAY,YAC/B,KAAK,QAAW,MAAM,OAAO;AAAA,QACzB,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,OAAO,CAAI,MAAc,MAAY,YACjC,KAAK,QAAW,MAAM,SAAS;AAAA,QAC3B,GAAG;AAAA,QACH,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,MAEL,QAAQ,CAAI,MAAc,YACtB,KAAK,QAAW,MAAM,UAAU;AAAA,QAC5B,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,SAAS,SAAS,GAAG,YAAY;AAAA,MACnD,CAAC;AAAA,IACT;AAAA,EACJ;AACJ;AAEO,IAAM,qBAAqB,CAAC,oBAA8C;AAC7E,QAAM,SAAS,OAAO,oBAAoB,WACpC,EAAE,SAAS,gBAAgB,IAC3B;AACN,SAAO,IAAI,mBAAmB,MAAM;AACxC;;;ACjEA,SAAS,IAAI,KAAK,UAAU;AAwD5B,SAAS,uBAAuB,MAAc,UAA6B;AACzE,aAAW,WAAW,UAAU;AAC9B,QAAI,YAAY,KAAM,QAAO;AAG7B,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,SAAS,QAAQ,MAAM,GAAG,EAAE;AAClC,UAAI,SAAS,UAAU,KAAK,WAAW,SAAS,GAAG,GAAG;AACpD,eAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,QAAQ,IAAI;AAAA,QAChB,MAAM,QAAQ,QAAQ,SAAS,IAAI,EAAE,QAAQ,OAAO,OAAO,IAAI;AAAA,MACjE;AACA,UAAI,MAAM,KAAK,IAAI,EAAG,QAAO;AAAA,IAC/B;AAAA,EACF;AACA,SAAO;AACT;AAwBO,IAAM,0BAA0B,CAAC,OAAgB;AACtD,SAAO,CAAC,UAA6B,CAAC,MAAM;AAC1C,UAAM;AAAA,MACJ,wBAAwB,CAAC;AAAA,MACzB,gBAAgB;AAAA,MAChB,WAAW;AAAA,IACb,IAAI;AAEJ,QAAI,iBAAiB,CAAC,IAAI;AACxB,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,WAAO,OAAO,KAAc,KAAe,SAAuB;AAChE,YAAM,UAAU;AAGhB,UAAI,uBAAuB,IAAI,MAAM,qBAAqB,GAAG;AAC3D,eAAO,KAAK;AAAA,MACd;AAEA,UAAI;AACF,cAAM,aAAa,IAAI,QAAQ,aAAa;AAC5C,cAAM,gBAAgB,IAAI,QAAQ,gBAAgB;AAGlD,YAAI,CAAC,iBAAiB,OAAO,kBAAkB,UAAU;AACvD,cAAI,UAAU;AACZ,mBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,UACvD;AACA,iBAAO,KAAK;AAAA,QACd;AAEA,cAAM,cAAc,KAAK;AAAA,UACvB,OAAO,KAAK,eAAe,QAAQ,EAAE,SAAS,OAAO;AAAA,QACvD;AAGA,YAAI,iBAAiB,IAAI;AACvB,gBAAM,SAAS,MAAM,GAClB,OAAO;AAAA,YACN;AAAA,YACA;AAAA,UACF,CAAC,EACA,KAAK,OAAY,EACjB,UAAU,MAAW,GAAG,QAAa,QAAQ,KAAU,EAAE,CAAC,EAC1D;AAAA,YACC;AAAA,cACE,GAAG,QAAa,IAAI,YAAY,EAAE;AAAA,cAClC,GAAG,QAAa,WAAW,oBAAI,KAAK,CAAC;AAAA,YACvC;AAAA,UACF,EACC,MAAM,CAAC;AAEV,cAAI,OAAO,WAAW,GAAG;AACvB,gBAAI,UAAU;AACZ,qBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,6BAA6B,CAAC;AAAA,YACrE;AACA,mBAAO,KAAK;AAAA,UACd;AAGA,kBAAQ,WAAW,OAAO,CAAC,EAAE;AAC7B,kBAAQ,cAAc,OAAO,CAAC,EAAE;AAGhC,kBAAQ,OAAO,QAAQ;AACvB,kBAAQ,UAAU,QAAQ;AAE1B,iBAAO,KAAK;AAAA,QACd;AAGA,YAAI;AAEJ,YAAI,cAAc,OAAO,eAAe,UAAU;AAChD,qBAAW,KAAK;AAAA,YACd,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,OAAO;AAAA,UACpD;AAAA,QACF;AAEA,YAAI,CAAC,YAAY,UAAU;AACzB,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,QACvD;AAEA,YAAI,UAAU;AAEZ,kBAAQ,WAAW;AACnB,kBAAQ,cAAc;AAGtB,kBAAQ,OAAO,QAAQ;AACvB,kBAAQ,UAAU,QAAQ;AAAA,QAC5B;AAEA,aAAK;AAAA,MACP,SAAS,OAAO;AACd,gBAAQ,MAAM,iCAAiC,KAAK;AACpD,YAAI,UAAU;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,wBAAwB,CAAC;AAAA,QAChE;AACA,aAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AACF;AAKO,IAAM,aAAa,wBAAwB;AAK3C,SAAS,gBAAgB,KAA2C;AACzE,SAAO,CAAC,CAAE,IAA6B;AACzC;AAMO,SAAS,eAAe,KAAgD;AAC7E,QAAM,UAAU;AAChB,MAAI,CAAC,QAAQ,YAAY,CAAC,QAAQ,aAAa;AAC7C,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACA,SAAO,EAAE,MAAM,QAAQ,UAAU,SAAS,QAAQ,YAAY;AAChE;AAKO,IAAM,iBAAiB;AAAA,EAC5B,kBAAkB;AAAA;AAAA,EAElB;AAAA,EACA;AAAA,EACA;AACF;;;ACjMA,IAAM,MAAM;AAAA,EACR;AAAA,EACA;AACJ;AAIA,IAAM,OAAO;AAAA,EACT;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,IACJ;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACb;AAAA,EACA;AACJ;AAEA,IAAO,cAAQ;","names":["assertServerOnly","session","session","headers","headers"]}

package/dist/server/nextjs.cjs

@@ -37,10 +37,7 @@ function createNextJsServer(auth, db) {
      * Next.js route handler for auth routes.
      * Place this in `app/api/auth/[...auth]/route.ts`
      */
-    handler: {
-      GET: handler,
-      POST: handler
-    },
+    handler,
     /**
      * Get session from current request headers.
      * Use in Server Components or Route Handlers.

package/dist/server/nextjs.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/server/nextjs.ts"],"sourcesContent":["import \"server-only\";\nimport { toNextJsHandler } from \"better-auth/next-js\";\nimport { headers } from \"next/headers\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates Next.js server-side auth utilities (App Router).\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for Next.js\n * \n * @example\n * ```typescript\n * // In lib/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createNextJsServer } from \"hylekit/nextjs\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: process.env.BETTER_AUTH_URL!, secret: process.env.BETTER_AUTH_SECRET!, ... });\n * \n * export const { handler, getSession, isAuthenticated, getUser, makeAuthenticatedCall } = createNextJsServer(auth, db);\n * ```\n */\nexport function createNextJsServer(auth: HyleAuth, db: HyleDb) {\n    const handler = toNextJsHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * Next.js route handler for auth routes.\n         * Place this in `app/api/auth/[...auth]/route.ts`\n         */\n        handler: {\n            GET: handler,\n            POST: handler,\n        },\n\n        /**\n         * Get session from current request headers.\n         * Use in Server Components or Route Handlers.\n         */\n        getSession: async (): Promise<SessionResult> => {\n            const requestHeaders = await headers();\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Get session from specific headers.\n         * Use when you have direct access to headers.\n         */\n        getSessionFromHeaders: async (requestHeaders: Headers): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         * Use in Server Components.\n         */\n        isAuthenticated: async (): Promise<boolean> => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Get the current user or null.\n         * Convenience method for Server Components.\n         */\n        getUser: async () => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session?.user ?? null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (...args: TArgs): Promise<TReturn> => {\n                const requestHeaders = await headers();\n                const session = await auth.api.getSession({\n                    headers: requestHeaders,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db }, ...args);\n            }\n        }\n    };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAO;AACP,qBAAgC;AAChC,qBAAwB;AA2BjB,SAAS,mBAAmB,MAAgB,IAAY;AAC3D,QAAM,cAAU,gCAAgB,IAAI;AAEpC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACL,KAAK;AAAA,MACL,MAAM;AAAA,IACV;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,YAAY,YAAoC;AAC5C,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,OAAO,mBAAoD;AAC9E,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAiB,YAA8B;AAC3C,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,YAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAO,YAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS,YAAY;AACjB,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,YAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAO,SAAS,QAAQ;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,UAAU,SAAkC;AAC/C,cAAM,iBAAiB,UAAM,wBAAQ;AACrC,cAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS;AAAA,QACb,CAAC;AACD,YAAI,CAAC,SAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAM,QAAQ,MAAM,SAAS,QAAQ,SAAS,GAAG,GAAG,GAAG,IAAI;AAAA,MAC3E;AAAA,IACJ;AAAA,EACJ;AACJ;","names":[]}
+{"version":3,"sources":["../../src/server/nextjs.ts"],"sourcesContent":["import \"server-only\";\nimport { toNextJsHandler } from \"better-auth/next-js\";\nimport { headers } from \"next/headers\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates Next.js server-side auth utilities (App Router).\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for Next.js\n * \n * @example\n * ```typescript\n * // In lib/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createNextJsServer } from \"hylekit/nextjs\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: process.env.BETTER_AUTH_URL!, secret: process.env.BETTER_AUTH_SECRET!, ... });\n * \n * export const { handler, getSession, isAuthenticated, getUser, makeAuthenticatedCall } = createNextJsServer(auth, db);\n * ```\n */\nexport function createNextJsServer(auth: HyleAuth, db: HyleDb) {\n    // toNextJsHandler already returns { GET, POST }\n    const handler = toNextJsHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * Next.js route handler for auth routes.\n         * Place this in `app/api/auth/[...auth]/route.ts`\n         */\n        handler,\n\n        /**\n         * Get session from current request headers.\n         * Use in Server Components or Route Handlers.\n         */\n        getSession: async (): Promise<SessionResult> => {\n            const requestHeaders = await headers();\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Get session from specific headers.\n         * Use when you have direct access to headers.\n         */\n        getSessionFromHeaders: async (requestHeaders: Headers): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         * Use in Server Components.\n         */\n        isAuthenticated: async (): Promise<boolean> => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Get the current user or null.\n         * Convenience method for Server Components.\n         */\n        getUser: async () => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session?.user ?? null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (...args: TArgs): Promise<TReturn> => {\n                const requestHeaders = await headers();\n                const session = await auth.api.getSession({\n                    headers: requestHeaders,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db }, ...args);\n            }\n        }\n    };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAO;AACP,qBAAgC;AAChC,qBAAwB;AA2BjB,SAAS,mBAAmB,MAAgB,IAAY;AAE3D,QAAM,cAAU,gCAAgB,IAAI;AAEpC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,YAAY,YAAoC;AAC5C,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,OAAO,mBAAoD;AAC9E,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAiB,YAA8B;AAC3C,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,YAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAO,YAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS,YAAY;AACjB,YAAM,iBAAiB,UAAM,wBAAQ;AACrC,YAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAO,SAAS,QAAQ;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,UAAU,SAAkC;AAC/C,cAAM,iBAAiB,UAAM,wBAAQ;AACrC,cAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS;AAAA,QACb,CAAC;AACD,YAAI,CAAC,SAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAM,QAAQ,MAAM,SAAS,QAAQ,SAAS,GAAG,GAAG,GAAG,IAAI;AAAA,MAC3E;AAAA,IACJ;AAAA,EACJ;AACJ;","names":[]}

package/dist/server/nextjs.d.cts

@@ -33,20 +33,11 @@ declare function createNextJsServer(auth: HyleAuth, db: HyleDb): {
      * Place this in `app/api/auth/[...auth]/route.ts`
      */
     handler: {
-        GET: {
-            GET: (request: Request) => Promise<Response>;
-            POST: (request: Request) => Promise<Response>;
-            PATCH: (request: Request) => Promise<Response>;
-            PUT: (request: Request) => Promise<Response>;
-            DELETE: (request: Request) => Promise<Response>;
-        };
-        POST: {
-            GET: (request: Request) => Promise<Response>;
-            POST: (request: Request) => Promise<Response>;
-            PATCH: (request: Request) => Promise<Response>;
-            PUT: (request: Request) => Promise<Response>;
-            DELETE: (request: Request) => Promise<Response>;
-        };
+        GET: (request: Request) => Promise<Response>;
+        POST: (request: Request) => Promise<Response>;
+        PATCH: (request: Request) => Promise<Response>;
+        PUT: (request: Request) => Promise<Response>;
+        DELETE: (request: Request) => Promise<Response>;
     };
     /**
      * Get session from current request headers.

package/dist/server/nextjs.d.ts

@@ -33,20 +33,11 @@ declare function createNextJsServer(auth: HyleAuth, db: HyleDb): {
      * Place this in `app/api/auth/[...auth]/route.ts`
      */
     handler: {
-        GET: {
-            GET: (request: Request) => Promise<Response>;
-            POST: (request: Request) => Promise<Response>;
-            PATCH: (request: Request) => Promise<Response>;
-            PUT: (request: Request) => Promise<Response>;
-            DELETE: (request: Request) => Promise<Response>;
-        };
-        POST: {
-            GET: (request: Request) => Promise<Response>;
-            POST: (request: Request) => Promise<Response>;
-            PATCH: (request: Request) => Promise<Response>;
-            PUT: (request: Request) => Promise<Response>;
-            DELETE: (request: Request) => Promise<Response>;
-        };
+        GET: (request: Request) => Promise<Response>;
+        POST: (request: Request) => Promise<Response>;
+        PATCH: (request: Request) => Promise<Response>;
+        PUT: (request: Request) => Promise<Response>;
+        DELETE: (request: Request) => Promise<Response>;
     };
     /**
      * Get session from current request headers.

package/dist/server/nextjs.js

@@ -13,10 +13,7 @@ function createNextJsServer(auth, db) {
      * Next.js route handler for auth routes.
      * Place this in `app/api/auth/[...auth]/route.ts`
      */
-    handler: {
-      GET: handler,
-      POST: handler
-    },
+    handler,
     /**
      * Get session from current request headers.
      * Use in Server Components or Route Handlers.

package/dist/server/nextjs.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/server/nextjs.ts"],"sourcesContent":["import \"server-only\";\nimport { toNextJsHandler } from \"better-auth/next-js\";\nimport { headers } from \"next/headers\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates Next.js server-side auth utilities (App Router).\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for Next.js\n * \n * @example\n * ```typescript\n * // In lib/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createNextJsServer } from \"hylekit/nextjs\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: process.env.BETTER_AUTH_URL!, secret: process.env.BETTER_AUTH_SECRET!, ... });\n * \n * export const { handler, getSession, isAuthenticated, getUser, makeAuthenticatedCall } = createNextJsServer(auth, db);\n * ```\n */\nexport function createNextJsServer(auth: HyleAuth, db: HyleDb) {\n    const handler = toNextJsHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * Next.js route handler for auth routes.\n         * Place this in `app/api/auth/[...auth]/route.ts`\n         */\n        handler: {\n            GET: handler,\n            POST: handler,\n        },\n\n        /**\n         * Get session from current request headers.\n         * Use in Server Components or Route Handlers.\n         */\n        getSession: async (): Promise<SessionResult> => {\n            const requestHeaders = await headers();\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Get session from specific headers.\n         * Use when you have direct access to headers.\n         */\n        getSessionFromHeaders: async (requestHeaders: Headers): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         * Use in Server Components.\n         */\n        isAuthenticated: async (): Promise<boolean> => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Get the current user or null.\n         * Convenience method for Server Components.\n         */\n        getUser: async () => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session?.user ?? null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (...args: TArgs): Promise<TReturn> => {\n                const requestHeaders = await headers();\n                const session = await auth.api.getSession({\n                    headers: requestHeaders,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db }, ...args);\n            }\n        }\n    };\n}\n"],"mappings":";AAAA,OAAO;AACP,SAAS,uBAAuB;AAChC,SAAS,eAAe;AA2BjB,SAAS,mBAAmB,MAAgB,IAAY;AAC3D,QAAM,UAAU,gBAAgB,IAAI;AAEpC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS;AAAA,MACL,KAAK;AAAA,MACL,MAAM;AAAA,IACV;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,YAAY,YAAoC;AAC5C,YAAM,iBAAiB,MAAM,QAAQ;AACrC,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,OAAO,mBAAoD;AAC9E,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAiB,YAA8B;AAC3C,YAAM,iBAAiB,MAAM,QAAQ;AACrC,YAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAO,YAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS,YAAY;AACjB,YAAM,iBAAiB,MAAM,QAAQ;AACrC,YAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAO,SAAS,QAAQ;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,UAAU,SAAkC;AAC/C,cAAM,iBAAiB,MAAM,QAAQ;AACrC,cAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS;AAAA,QACb,CAAC;AACD,YAAI,CAAC,SAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAM,QAAQ,MAAM,SAAS,QAAQ,SAAS,GAAG,GAAG,GAAG,IAAI;AAAA,MAC3E;AAAA,IACJ;AAAA,EACJ;AACJ;","names":[]}
+{"version":3,"sources":["../../src/server/nextjs.ts"],"sourcesContent":["import \"server-only\";\nimport { toNextJsHandler } from \"better-auth/next-js\";\nimport { headers } from \"next/headers\";\nimport type { SessionResult, SessionData } from \"../client/types\";\n\n// Type for auth instance created by createAuth\ntype HyleAuth = ReturnType<typeof import(\"better-auth\").betterAuth>;\n// Type for db instance created by createDb  \ntype HyleDb = ReturnType<typeof import(\"drizzle-orm/libsql\").drizzle>;\n\n/**\n * Creates Next.js server-side auth utilities (App Router).\n * \n * @param auth - Auth instance created by createAuth()\n * @param db - Database instance created by createDb()\n * @returns Server-side auth utilities for Next.js\n * \n * @example\n * ```typescript\n * // In lib/auth.ts\n * import { createDb, createAuth } from \"hylekit\";\n * import { createNextJsServer } from \"hylekit/nextjs\";\n * \n * const db = createDb({ url: process.env.HYLE_DATABASE_URL!, authToken: process.env.HYLE_DATABASE_AUTH_TOKEN });\n * const auth = createAuth(db, { baseURL: process.env.BETTER_AUTH_URL!, secret: process.env.BETTER_AUTH_SECRET!, ... });\n * \n * export const { handler, getSession, isAuthenticated, getUser, makeAuthenticatedCall } = createNextJsServer(auth, db);\n * ```\n */\nexport function createNextJsServer(auth: HyleAuth, db: HyleDb) {\n    // toNextJsHandler already returns { GET, POST }\n    const handler = toNextJsHandler(auth);\n\n    return {\n        /**\n         * The underlying BetterAuth instance.\n         */\n        auth,\n\n        /**\n         * Next.js route handler for auth routes.\n         * Place this in `app/api/auth/[...auth]/route.ts`\n         */\n        handler,\n\n        /**\n         * Get session from current request headers.\n         * Use in Server Components or Route Handlers.\n         */\n        getSession: async (): Promise<SessionResult> => {\n            const requestHeaders = await headers();\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Get session from specific headers.\n         * Use when you have direct access to headers.\n         */\n        getSessionFromHeaders: async (requestHeaders: Headers): Promise<SessionResult> => {\n            return auth.api.getSession({\n                headers: requestHeaders,\n            });\n        },\n\n        /**\n         * Check if user is authenticated.\n         * Use in Server Components.\n         */\n        isAuthenticated: async (): Promise<boolean> => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session !== null;\n        },\n\n        /**\n         * Get the current user or null.\n         * Convenience method for Server Components.\n         */\n        getUser: async () => {\n            const requestHeaders = await headers();\n            const session = await auth.api.getSession({\n                headers: requestHeaders,\n            });\n            return session?.user ?? null;\n        },\n\n        /**\n         * Wraps a function to ensure the user is authenticated before execution.\n         * Injects the user, session, and db into the first argument.\n         */\n        makeAuthenticatedCall: <TArgs extends any[], TReturn>(\n            fn: (ctx: { user: SessionData['user']; session: SessionData['session']; db: typeof db }, ...args: TArgs) => Promise<TReturn>\n        ) => {\n            return async (...args: TArgs): Promise<TReturn> => {\n                const requestHeaders = await headers();\n                const session = await auth.api.getSession({\n                    headers: requestHeaders,\n                });\n                if (!session) {\n                    throw new Error(\"Unauthorized\");\n                }\n                return fn({ user: session.user, session: session.session, db }, ...args);\n            }\n        }\n    };\n}\n"],"mappings":";AAAA,OAAO;AACP,SAAS,uBAAuB;AAChC,SAAS,eAAe;AA2BjB,SAAS,mBAAmB,MAAgB,IAAY;AAE3D,QAAM,UAAU,gBAAgB,IAAI;AAEpC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,YAAY,YAAoC;AAC5C,YAAM,iBAAiB,MAAM,QAAQ;AACrC,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,OAAO,mBAAoD;AAC9E,aAAO,KAAK,IAAI,WAAW;AAAA,QACvB,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAiB,YAA8B;AAC3C,YAAM,iBAAiB,MAAM,QAAQ;AACrC,YAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAO,YAAY;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,SAAS,YAAY;AACjB,YAAM,iBAAiB,MAAM,QAAQ;AACrC,YAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,QACtC,SAAS;AAAA,MACb,CAAC;AACD,aAAO,SAAS,QAAQ;AAAA,IAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,uBAAuB,CACnB,OACC;AACD,aAAO,UAAU,SAAkC;AAC/C,cAAM,iBAAiB,MAAM,QAAQ;AACrC,cAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,UACtC,SAAS;AAAA,QACb,CAAC;AACD,YAAI,CAAC,SAAS;AACV,gBAAM,IAAI,MAAM,cAAc;AAAA,QAClC;AACA,eAAO,GAAG,EAAE,MAAM,QAAQ,MAAM,SAAS,QAAQ,SAAS,GAAG,GAAG,GAAG,IAAI;AAAA,MAC3E;AAAA,IACJ;AAAA,EACJ;AACJ;","names":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hylekit",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "Distributed BetterAuth library for SvelteKit and Next.js with Google OAuth and Turso",
   "type": "module",
   "main": "./dist/index.js",