jazz-tools 0.18.4 → 0.18.6

package/src/better-auth/auth/server.ts

@@ -4,6 +4,29 @@ import { symmetricDecrypt, symmetricEncrypt } from "better-auth/crypto";
 import { BetterAuthPlugin, createAuthMiddleware } from "better-auth/plugins";
 import type { Account, AuthCredentials, ID } from "jazz-tools";
 
+// Define a type to have user fields mapped in the better-auth instance
+// It should be automatic, but it needs an hard reference to BetterAuthPlugin type
+// in order to be exported as library.
+type JazzPlugin = BetterAuthPlugin & {
+  schema: {
+    user: {
+      fields: {
+        accountID: {
+          type: "string";
+          required: false;
+          input: false;
+        };
+        encryptedCredentials: {
+          type: "string";
+          required: false;
+          input: false;
+          returned: false;
+        };
+      };
+    };
+  };
+};
+
 /**
  * @returns The BetterAuth server plugin.
  *
@@ -15,7 +38,7 @@ import type { Account, AuthCredentials, ID } from "jazz-tools";
  * });
  * ```
  */
-export const jazzPlugin = (): BetterAuthPlugin => {
+export const jazzPlugin: () => JazzPlugin = () => {
   return {
     id: "jazz-plugin",
     schema: {
@@ -46,15 +69,15 @@ export const jazzPlugin = (): BetterAuthPlugin => {
                   // If the user is created without a jazzAuth, it will throw an error.
                   if (!contextContainsJazzAuth(context)) {
                     throw new APIError(422, {
-                      message: "JazzAuth is required",
+                      message: "JazzAuth is required on user creation",
                     });
                   }
                   // Decorate the user with the jazz's credentials.
                   return {
                     data: {
-                      accountID: context?.jazzAuth?.accountID,
+                      accountID: context.jazzAuth.accountID,
                       encryptedCredentials:
-                        context?.jazzAuth?.encryptedCredentials,
+                        context.jazzAuth.encryptedCredentials,
                     },
                   };
                 },
@@ -62,20 +85,23 @@ export const jazzPlugin = (): BetterAuthPlugin => {
             },
             verification: {
               create: {
-                before: async (verification, context) => {
-                  // If a jazzAuth is provided, save it for later usage.
-                  if (contextContainsJazzAuth(context)) {
-                    const parsed = JSON.parse(verification.value);
-                    const newValue = JSON.stringify({
-                      ...parsed,
-                      jazzAuth: context.jazzAuth,
-                    });
-
-                    return {
-                      data: {
-                        value: newValue,
+                after: async (verification, context) => {
+                  /**
+                   * For: Email OTP plugin
+                   * After a verification is created, if it is from the EmailOTP plugin,
+                   * create a new verification value with the jazzAuth with the same expiration.
+                   */
+                  if (
+                    contextContainsJazzAuth(context) &&
+                    verification.identifier.startsWith("sign-in-otp-")
+                  ) {
+                    await context.context.internalAdapter.createVerificationValue(
+                      {
+                        value: JSON.stringify({ jazzAuth: context.jazzAuth }),
+                        identifier: `${verification.identifier}-jazz-auth`,
+                        expiresAt: verification.expiresAt,
                       },
-                    };
+                    );
                   }
                 },
               },
@@ -124,6 +150,7 @@ export const jazzPlugin = (): BetterAuthPlugin => {
         },
 
         /**
+         * For: Social / OAuth2 plugin
          * /callback is the endpoint that BetterAuth uses to authenticate the user coming from a social provider.
          * 1. Catch the state
          * 2. Find the verification value
@@ -131,22 +158,20 @@ export const jazzPlugin = (): BetterAuthPlugin => {
          */
         {
           matcher: (context) => {
-            return context.path.startsWith("/callback");
+            return (
+              context.path.startsWith("/callback") ||
+              context.path.startsWith("/oauth2/callback")
+            );
           },
           handler: createAuthMiddleware(async (ctx) => {
             const state = ctx.query?.state || ctx.body?.state;
 
-            const data = await ctx.context.adapter.findOne<{ value: string }>({
-              model: ctx.context.tables.verification!.modelName,
-              where: [
-                {
-                  field: "identifier",
-                  operator: "eq",
-                  value: state,
-                },
-              ],
-              select: ["value"],
-            });
+            const identifier = `${state}-jazz-auth`;
+
+            const data =
+              await ctx.context.internalAdapter.findVerificationValue(
+                identifier,
+              );
 
             // if not found, the social plugin will throw later anyway
             if (!data) {
@@ -158,7 +183,12 @@ export const jazzPlugin = (): BetterAuthPlugin => {
             const parsed = JSON.parse(data.value);
 
             if (parsed && "jazzAuth" in parsed) {
-              ctx.context.jazzAuth = parsed.jazzAuth;
+              return {
+                context: {
+                  ...ctx,
+                  jazzAuth: parsed.jazzAuth,
+                },
+              };
             } else {
               throw new APIError(404, {
                 message: "JazzAuth not found in verification value",
@@ -166,6 +196,45 @@ export const jazzPlugin = (): BetterAuthPlugin => {
             }
           }),
         },
+        /**
+         * For: Email OTP plugin
+         * When the user sends an OTP, we try to find the jazzAuth.
+         * If it isn't a sign-up, we expect to not find a verification value.
+         */
+        {
+          matcher: (context) => {
+            return context.path.startsWith("/sign-in/email-otp");
+          },
+          handler: createAuthMiddleware(async (ctx) => {
+            const email = ctx.body.email;
+            const identifier = `sign-in-otp-${email}-jazz-auth`;
+
+            const data =
+              await ctx.context.internalAdapter.findVerificationValue(
+                identifier,
+              );
+
+            // if not found, it isn't a sign-up
+            if (!data || data.expiresAt < new Date()) {
+              return;
+            }
+
+            const parsed = JSON.parse(data.value);
+
+            if (parsed && "jazzAuth" in parsed) {
+              return {
+                context: {
+                  ...ctx,
+                  jazzAuth: parsed.jazzAuth,
+                },
+              };
+            } else {
+              throw new APIError(500, {
+                message: "JazzAuth not found in verification value",
+              });
+            }
+          }),
+        },
       ],
       after: [
         /**
@@ -196,9 +265,41 @@ export const jazzPlugin = (): BetterAuthPlugin => {
             });
           }),
         },
+
+        /**
+         * For: Social / OAuth2 plugin
+         * When the user sign-in via social, we create a verification value with the jazzAuth.
+         */
+        {
+          matcher: (context) => {
+            return context.path.startsWith("/sign-in/social");
+          },
+          handler: createAuthMiddleware(async (ctx) => {
+            if (!contextContainsJazzAuth(ctx)) {
+              throw new APIError(500, {
+                message: "JazzAuth not found in context",
+              });
+            }
+
+            const returned = ctx.context.returned as { url: string };
+
+            const url = new URL(returned.url);
+            const state = url.searchParams.get("state");
+
+            const value = JSON.stringify({ jazzAuth: ctx.jazzAuth });
+            const expiresAt = new Date();
+            expiresAt.setMinutes(expiresAt.getMinutes() + 10);
+
+            await ctx.context.internalAdapter.createVerificationValue({
+              value,
+              identifier: `${state}-jazz-auth`,
+              expiresAt,
+            });
+          }),
+        },
       ],
     },
-  };
+  } satisfies JazzPlugin;
 };
 
 function contextContainsJazzAuth(ctx: unknown): ctx is {

package/src/better-auth/auth/tests/client.test.ts

@@ -7,14 +7,19 @@ import {
 } from "jazz-tools/testing";
 import { assert, beforeEach, describe, expect, it, vi } from "vitest";
 import { jazzPluginClient } from "../client.js";
+import { emailOTPClient, genericOAuthClient } from "better-auth/client/plugins";
 
-describe("auth client", () => {
+describe("Better-Auth client plugin", () => {
   let account: Account;
   let jazzContextManager: TestJazzContextManager<Account>;
   let authSecretStorage: AuthSecretStorage;
   let authClient: ReturnType<
     typeof createAuthClient<{
-      plugins: ReturnType<typeof jazzPluginClient>[];
+      plugins: ReturnType<
+        | typeof jazzPluginClient
+        | typeof emailOTPClient
+        | typeof genericOAuthClient
+      >[];
     }>
   >;
   let customFetchImpl = vi.fn();
@@ -31,7 +36,7 @@ describe("auth client", () => {
 
     authClient = createAuthClient({
       baseURL: "http://localhost:3000",
-      plugins: [jazzPluginClient()],
+      plugins: [jazzPluginClient(), emailOTPClient(), genericOAuthClient()],
       fetchOptions: {
         customFetchImpl,
       },
@@ -245,5 +250,88 @@ describe("auth client", () => {
     expect(anonymousCredentials).not.toMatchObject(credentials!);
   });
 
-  it.todo("should logout from Better Auth after Jazz's log-out");
+  it("should send Jazz credentials using social login", async () => {
+    const credentials = await authSecretStorage.get();
+    assert(credentials, "Jazz credentials are not available");
+
+    customFetchImpl.mockResolvedValue(new Response(JSON.stringify({})));
+
+    // Sign up
+    await authClient.signIn.social({
+      provider: "github",
+    });
+
+    expect(customFetchImpl).toHaveBeenCalledTimes(1);
+    expect(customFetchImpl.mock.calls[0]![0].toString()).toBe(
+      "http://localhost:3000/api/auth/sign-in/social",
+    );
+
+    // Verify the credentials have been injected in the request body
+    expect(
+      customFetchImpl.mock.calls[0]![1].headers.get("x-jazz-auth")!,
+    ).toEqual(
+      JSON.stringify({
+        accountID: credentials!.accountID,
+        secretSeed: credentials!.secretSeed,
+        accountSecret: credentials!.accountSecret,
+      }),
+    );
+  });
+
+  it("should send Jazz credentials using oauth generic plugin", async () => {
+    const credentials = await authSecretStorage.get();
+    assert(credentials, "Jazz credentials are not available");
+
+    customFetchImpl.mockResolvedValue(new Response(JSON.stringify({})));
+
+    // Sign up
+    await authClient.signIn.oauth2({
+      providerId: "github",
+    });
+
+    expect(customFetchImpl).toHaveBeenCalledTimes(1);
+    expect(customFetchImpl.mock.calls[0]![0].toString()).toBe(
+      "http://localhost:3000/api/auth/sign-in/oauth2",
+    );
+
+    // Verify the credentials have been injected in the request body
+    expect(
+      customFetchImpl.mock.calls[0]![1].headers.get("x-jazz-auth")!,
+    ).toEqual(
+      JSON.stringify({
+        accountID: credentials!.accountID,
+        secretSeed: credentials!.secretSeed,
+        accountSecret: credentials!.accountSecret,
+      }),
+    );
+  });
+
+  it("should send Jazz credentials using email OTP", async () => {
+    const credentials = await authSecretStorage.get();
+    assert(credentials, "Jazz credentials are not available");
+
+    customFetchImpl.mockResolvedValue(new Response(JSON.stringify({})));
+
+    // Sign up
+    await authClient.emailOtp.sendVerificationOtp({
+      email: "test@jazz.dev",
+      type: "sign-in",
+    });
+
+    expect(customFetchImpl).toHaveBeenCalledTimes(1);
+    expect(customFetchImpl.mock.calls[0]![0].toString()).toBe(
+      "http://localhost:3000/api/auth/email-otp/send-verification-otp",
+    );
+
+    // Verify the credentials have been injected in the request body
+    expect(
+      customFetchImpl.mock.calls[0]![1].headers.get("x-jazz-auth")!,
+    ).toEqual(
+      JSON.stringify({
+        accountID: credentials!.accountID,
+        secretSeed: credentials!.secretSeed,
+        accountSecret: credentials!.accountSecret,
+      }),
+    );
+  });
 });

package/src/better-auth/auth/tests/react.test.tsx

@@ -0,0 +1,43 @@
+// @vitest-environment jsdom
+import { render } from "@testing-library/react";
+import { describe, expect, it } from "vitest";
+import { AuthProvider } from "../react";
+import { createAuthClient } from "better-auth/client";
+import { jazzPluginClient } from "../client";
+import { JazzReactProvider } from "jazz-tools/react";
+
+describe("AuthProvider", () => {
+  it("should throw if no JazzContext is set", () => {
+    const betterAuthClient = createAuthClient({
+      plugins: [jazzPluginClient()],
+    });
+
+    expect(() => {
+      render(
+        <AuthProvider betterAuthClient={betterAuthClient}>
+          <div />
+        </AuthProvider>,
+      );
+    }).toThrow(
+      "You need to set up a JazzProvider on top of your app to use this hook.",
+    );
+  });
+
+  it("should render with JazzReactProvider", () => {
+    const betterAuthClient = createAuthClient({
+      plugins: [jazzPluginClient()],
+    });
+
+    render(
+      <JazzReactProvider
+        // @ts-expect-error - no memory storage
+        storage={["memory"]}
+        sync={{ peer: "ws://", when: "never" }}
+      >
+        <AuthProvider betterAuthClient={betterAuthClient}>
+          <div />
+        </AuthProvider>
+      </JazzReactProvider>,
+    );
+  });
+});