jazz-tools 0.18.6 → 0.18.8

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> jazz-tools@0.18.6 build /home/runner/_work/jazz/jazz/packages/jazz-tools
+> jazz-tools@0.18.8 build /home/runner/_work/jazz/jazz/packages/jazz-tools
 > tsup && pnpm types && pnpm build:svelte
 
 CLI Building entry: {"index":"src/index.ts","testing":"src/testing.ts"}
@@ -109,91 +109,91 @@
 ESM Build start
 ESM dist/react/ssr.js     688.00 B
 ESM dist/react/ssr.js.map 1.12 KB
-ESM ⚡️ Build success in 19ms
+ESM ⚡️ Build success in 17ms
+ESM dist/react-native/testing.js     120.00 B
+ESM dist/react-native/index.js       2.53 KB
+ESM dist/react-native/crypto.js      161.00 B
+ESM dist/react-native/testing.js.map 176.00 B
+ESM dist/react-native/index.js.map   5.68 KB
+ESM dist/react-native/crypto.js.map  197.00 B
+ESM ⚡️ Build success in 18ms
 ESM dist/tiptap/index.js     564.00 B
 ESM dist/tiptap/index.js.map 1.21 KB
-ESM ⚡️ Build success in 15ms
-ESM dist/worker/index.js     2.42 KB
-ESM dist/worker/index.js.map 5.08 KB
-ESM ⚡️ Build success in 15ms
-ESM dist/expo/index.js       4.68 KB
-ESM dist/expo/crypto.js      153.00 B
-ESM dist/expo/testing.js     112.00 B
-ESM dist/expo/index.js.map   10.23 KB
-ESM dist/expo/crypto.js.map  189.00 B
-ESM dist/expo/testing.js.map 168.00 B
-ESM ⚡️ Build success in 24ms
-ESM dist/better-auth/auth/client.js     4.44 KB
-ESM dist/better-auth/auth/server.js     8.18 KB
-ESM dist/better-auth/auth/react.js      799.00 B
-ESM dist/better-auth/auth/client.js.map 8.24 KB
-ESM dist/better-auth/auth/react.js.map  2.04 KB
-ESM dist/better-auth/auth/server.js.map 15.03 KB
-ESM ⚡️ Build success in 17ms
+ESM ⚡️ Build success in 22ms
+ESM dist/worker/index.js     2.47 KB
+ESM dist/worker/index.js.map 5.26 KB
+ESM ⚡️ Build success in 21ms
 ESM dist/media/index.js              236.00 B
 ESM dist/media/index.browser.js      2.79 KB
+ESM dist/media/index.native.js       2.90 KB
 ESM dist/media/index.server.js       2.95 KB
 ESM dist/media/chunk-W3S526L3.js     6.47 KB
-ESM dist/media/index.native.js       2.90 KB
 ESM dist/media/index.js.map          71.00 B
 ESM dist/media/index.browser.js.map  6.15 KB
+ESM dist/media/index.native.js.map   6.09 KB
 ESM dist/media/index.server.js.map   6.37 KB
 ESM dist/media/chunk-W3S526L3.js.map 16.57 KB
-ESM dist/media/index.native.js.map   6.09 KB
-ESM ⚡️ Build success in 36ms
+ESM ⚡️ Build success in 32ms
+ESM dist/better-auth/auth/client.js     4.44 KB
+ESM dist/better-auth/auth/server.js     8.36 KB
+ESM dist/better-auth/auth/react.js      799.00 B
+ESM dist/better-auth/auth/client.js.map 8.24 KB
+ESM dist/better-auth/auth/react.js.map  2.04 KB
+ESM dist/better-auth/auth/server.js.map 15.29 KB
+ESM ⚡️ Build success in 29ms
 ESM dist/browser/index.js     13.64 KB
 ESM dist/browser/index.js.map 29.14 KB
-ESM ⚡️ Build success in 37ms
-ESM dist/react-native/index.js       2.53 KB
-ESM dist/react-native/testing.js     120.00 B
-ESM dist/react-native/crypto.js      161.00 B
-ESM dist/react-native/index.js.map   5.68 KB
-ESM dist/react-native/testing.js.map 176.00 B
-ESM dist/react-native/crypto.js.map  197.00 B
-ESM ⚡️ Build success in 34ms
-ESM dist/react-native-core/index.js       17.90 KB
+ESM ⚡️ Build success in 38ms
+ESM dist/expo/index.js       4.68 KB
+ESM dist/expo/testing.js     112.00 B
+ESM dist/expo/crypto.js      153.00 B
+ESM dist/expo/index.js.map   10.23 KB
+ESM dist/expo/testing.js.map 168.00 B
+ESM dist/expo/crypto.js.map  189.00 B
+ESM ⚡️ Build success in 41ms
+ESM dist/react-native-core/index.js       17.95 KB
 ESM dist/react-native-core/testing.js     119.00 B
 ESM dist/react-native-core/crypto.js      2.10 KB
-ESM dist/react-native-core/index.js.map   36.66 KB
 ESM dist/react-native-core/testing.js.map 175.00 B
 ESM dist/react-native-core/crypto.js.map  4.25 KB
-ESM ⚡️ Build success in 38ms
-ESM dist/prosemirror/index.js     77.63 KB
-ESM dist/prosemirror/index.js.map 306.98 KB
-ESM ⚡️ Build success in 40ms
+ESM dist/react-native-core/index.js.map   36.70 KB
+ESM ⚡️ Build success in 41ms
+ESM dist/react/index.js       24.71 KB
 ESM dist/react/testing.js     122.00 B
-ESM dist/react/index.js       24.66 KB
+ESM dist/react/index.js.map   53.50 KB
 ESM dist/react/testing.js.map 165.00 B
-ESM dist/react/index.js.map   53.43 KB
-ESM ⚡️ Build success in 40ms
-ESM dist/inspector/index.js     61.57 KB
-ESM dist/inspector/index.js.map 110.11 KB
-ESM ⚡️ Build success in 60ms
-ESM dist/index.js              26.13 KB
-ESM dist/chunk-45VKEOXG.js     167.19 KB
+ESM ⚡️ Build success in 42ms
+ESM dist/prosemirror/index.js     77.63 KB
+ESM dist/prosemirror/index.js.map 306.98 KB
+ESM ⚡️ Build success in 44ms
+ESM dist/inspector/index.js     69.71 KB
+ESM dist/inspector/index.js.map 121.38 KB
+ESM ⚡️ Build success in 57ms
 ESM dist/testing.js            7.17 KB
+ESM dist/index.js              26.13 KB
+ESM dist/chunk-QF3R3C4N.js     168.58 KB
 ESM dist/testing.js.map        14.10 KB
 ESM dist/index.js.map          52.92 KB
-ESM dist/chunk-45VKEOXG.js.map 397.84 KB
-ESM ⚡️ Build success in 82ms
+ESM dist/chunk-QF3R3C4N.js.map 400.77 KB
+ESM ⚡️ Build success in 81ms
+ESM dist/react-core/index.js              145.59 KB
 ESM dist/react-core/testing.js            1.17 KB
 ESM dist/react-core/chunk-7DYMJ74I.js     279.00 B
-ESM dist/react-core/index.js              143.64 KB
+ESM dist/react-core/index.js.map          399.79 KB
 ESM dist/react-core/testing.js.map        1.82 KB
 ESM dist/react-core/chunk-7DYMJ74I.js.map 533.00 B
-ESM dist/react-core/index.js.map          391.48 KB
-ESM ⚡️ Build success in 79ms
+ESM ⚡️ Build success in 78ms
 ESM dist/inspector/register-custom-element.js     218.00 B
 ESM dist/inspector/register-custom-element.js.map 314.00 B
-ESM dist/inspector/custom-element-IBHKHN27.js     1.53 MB
-ESM dist/inspector/custom-element-IBHKHN27.js.map 2.35 MB
-ESM ⚡️ Build success in 117ms
+ESM dist/inspector/custom-element-G6SPZEBR.js     1.54 MB
+ESM dist/inspector/custom-element-G6SPZEBR.js.map 2.36 MB
+ESM ⚡️ Build success in 114ms
 
-> jazz-tools@0.18.6 types /home/runner/_work/jazz/jazz/packages/jazz-tools
+> jazz-tools@0.18.8 types /home/runner/_work/jazz/jazz/packages/jazz-tools
 > tsc --outDir dist
 
 
-> jazz-tools@0.18.6 build:svelte /home/runner/_work/jazz/jazz/packages/jazz-tools
+> jazz-tools@0.18.8 build:svelte /home/runner/_work/jazz/jazz/packages/jazz-tools
 > rm -rf dist/svelte && svelte-package -i src/svelte -o dist/svelte --tsconfig tsconfig.svelte.json
 
 src/svelte -> dist/svelte

package/CHANGELOG.md

@@ -1,5 +1,33 @@
 # jazz-tools
 
+## 0.18.8
+
+### Patch Changes
+
+- 700fe46: fix: in 32d1444 was used the wrong Better Auth internal function to delete old verification codes
+- aba0d55: Support the selection of a subset of keys to make optional in `co.map().partial()`
+- Updated dependencies [9a4caf2]
+  - cojson@0.18.8
+  - cojson-storage-indexeddb@0.18.8
+  - cojson-transport-ws@0.18.8
+
+## 0.18.7
+
+### Patch Changes
+
+- cf26739: Add `useCoStateWithSelector` for granular reactivity
+- a3cd9c8: Add lastUpdatedAt & createdAt properties to $jazz in all the coValue types
+- ca5cd26: Make CoLists structurally equal to arrays
+- 32d1444: fix: ensure better-auth email-otp verification uniqueness
+- Updated dependencies [c2d8bf7]
+- Updated dependencies [dccb464]
+- Updated dependencies [a3cd9c8]
+- Updated dependencies [e8e7bf8]
+- Updated dependencies [51d3558]
+  - cojson@0.18.7
+  - cojson-storage-indexeddb@0.18.7
+  - cojson-transport-ws@0.18.7
+
 ## 0.18.6
 
 ### Patch Changes

package/dist/better-auth/auth/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/better-auth/auth/server.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAwB,MAAM,qBAAqB,CAAC;AAM7E,KAAK,UAAU,GAAG,gBAAgB,GAAG;IACnC,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,MAAM,EAAE;gBACN,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ,CAAC;oBACf,QAAQ,EAAE,KAAK,CAAC;oBAChB,KAAK,EAAE,KAAK,CAAC;iBACd,CAAC;gBACF,oBAAoB,EAAE;oBACpB,IAAI,EAAE,QAAQ,CAAC;oBACf,QAAQ,EAAE,KAAK,CAAC;oBAChB,KAAK,EAAE,KAAK,CAAC;oBACb,QAAQ,EAAE,KAAK,CAAC;iBACjB,CAAC;aACH,CAAC;SACH,CAAC;KACH,CAAC;CACH,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,UAAU,EAAE,MAAM,UAsQ9B,CAAC"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/better-auth/auth/server.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAwB,MAAM,qBAAqB,CAAC;AAM7E,KAAK,UAAU,GAAG,gBAAgB,GAAG;IACnC,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,MAAM,EAAE;gBACN,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ,CAAC;oBACf,QAAQ,EAAE,KAAK,CAAC;oBAChB,KAAK,EAAE,KAAK,CAAC;iBACd,CAAC;gBACF,oBAAoB,EAAE;oBACpB,IAAI,EAAE,QAAQ,CAAC;oBACf,QAAQ,EAAE,KAAK,CAAC;oBAChB,KAAK,EAAE,KAAK,CAAC;oBACb,QAAQ,EAAE,KAAK,CAAC;iBACjB,CAAC;aACH,CAAC;SACH,CAAC;KACH,CAAC;CACH,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,UAAU,EAAE,MAAM,UA0Q9B,CAAC"}

package/dist/better-auth/auth/server.js

@@ -47,10 +47,14 @@ var jazzPlugin = () => {
               create: {
                 after: async (verification, context) => {
                   if (contextContainsJazzAuth(context) && verification.identifier.startsWith("sign-in-otp-")) {
+                    const identifier = `jazz-auth-${verification.identifier}`;
+                    await context.context.internalAdapter.deleteVerificationByIdentifier(
+                      identifier
+                    );
                     await context.context.internalAdapter.createVerificationValue(
                       {
                         value: JSON.stringify({ jazzAuth: context.jazzAuth }),
-                        identifier: `${verification.identifier}-jazz-auth`,
+                        identifier,
                         expiresAt: verification.expiresAt
                       }
                     );
@@ -109,7 +113,7 @@ var jazzPlugin = () => {
           },
           handler: createAuthMiddleware(async (ctx) => {
             const state = ctx.query?.state || ctx.body?.state;
-            const identifier = `${state}-jazz-auth`;
+            const identifier = `jazz-auth-${state}`;
             const data = await ctx.context.internalAdapter.findVerificationValue(
               identifier
             );
@@ -144,7 +148,7 @@ var jazzPlugin = () => {
           },
           handler: createAuthMiddleware(async (ctx) => {
             const email = ctx.body.email;
-            const identifier = `sign-in-otp-${email}-jazz-auth`;
+            const identifier = `jazz-auth-sign-in-otp-${email}`;
             const data = await ctx.context.internalAdapter.findVerificationValue(
               identifier
             );
@@ -213,7 +217,7 @@ var jazzPlugin = () => {
             expiresAt.setMinutes(expiresAt.getMinutes() + 10);
             await ctx.context.internalAdapter.createVerificationValue({
               value,
-              identifier: `${state}-jazz-auth`,
+              identifier: `jazz-auth-${state}`,
               expiresAt
             });
           })

package/dist/better-auth/auth/server.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/better-auth/auth/server.ts"],"sourcesContent":["import { AuthContext, MiddlewareContext, MiddlewareOptions } from \"better-auth\";\nimport { APIError } from \"better-auth/api\";\nimport { symmetricDecrypt, symmetricEncrypt } from \"better-auth/crypto\";\nimport { BetterAuthPlugin, createAuthMiddleware } from \"better-auth/plugins\";\nimport type { Account, AuthCredentials, ID } from \"jazz-tools\";\n\n// Define a type to have user fields mapped in the better-auth instance\n// It should be automatic, but it needs an hard reference to BetterAuthPlugin type\n// in order to be exported as library.\ntype JazzPlugin = BetterAuthPlugin & {\n  schema: {\n    user: {\n      fields: {\n        accountID: {\n          type: \"string\";\n          required: false;\n          input: false;\n        };\n        encryptedCredentials: {\n          type: \"string\";\n          required: false;\n          input: false;\n          returned: false;\n        };\n      };\n    };\n  };\n};\n\n/**\n * @returns The BetterAuth server plugin.\n *\n * @example\n * ```ts\n * const auth = betterAuth({\n *   plugins: [jazzPlugin()],\n *   // ... other BetterAuth options\n * });\n * ```\n */\nexport const jazzPlugin: () => JazzPlugin = () => {\n  return {\n    id: \"jazz-plugin\",\n    schema: {\n      user: {\n        fields: {\n          accountID: {\n            type: \"string\",\n            required: false,\n            input: false,\n          },\n          encryptedCredentials: {\n            type: \"string\",\n            required: false,\n            input: false,\n            returned: false,\n          },\n        },\n      },\n    },\n\n    init() {\n      return {\n        options: {\n          databaseHooks: {\n            user: {\n              create: {\n                before: async (user, context) => {\n                  // If the user is created without a jazzAuth, it will throw an error.\n                  if (!contextContainsJazzAuth(context)) {\n                    throw new APIError(422, {\n                      message: \"JazzAuth is required on user creation\",\n                    });\n                  }\n                  // Decorate the user with the jazz's credentials.\n                  return {\n                    data: {\n                      accountID: context.jazzAuth.accountID,\n                      encryptedCredentials:\n                        context.jazzAuth.encryptedCredentials,\n                    },\n                  };\n                },\n              },\n            },\n            verification: {\n              create: {\n                after: async (verification, context) => {\n                  /**\n                   * For: Email OTP plugin\n                   * After a verification is created, if it is from the EmailOTP plugin,\n                   * create a new verification value with the jazzAuth with the same expiration.\n                   */\n                  if (\n                    contextContainsJazzAuth(context) &&\n                    verification.identifier.startsWith(\"sign-in-otp-\")\n                  ) {\n                    await context.context.internalAdapter.createVerificationValue(\n                      {\n                        value: JSON.stringify({ jazzAuth: context.jazzAuth }),\n                        identifier: `${verification.identifier}-jazz-auth`,\n                        expiresAt: verification.expiresAt,\n                      },\n                    );\n                  }\n                },\n              },\n            },\n          },\n        },\n      };\n    },\n\n    hooks: {\n      before: [\n        /**\n         * If the client sends a x-jazz-auth header,\n         * we encrypt the credentials and inject them into the context.\n         */\n        {\n          matcher: (context) => {\n            return !!context.headers?.get(\"x-jazz-auth\");\n          },\n          handler: createAuthMiddleware(async (ctx) => {\n            const jazzAuth = JSON.parse(ctx.headers?.get(\"x-jazz-auth\")!);\n\n            const credentials: AuthCredentials = {\n              accountID: jazzAuth.accountID as ID<Account>,\n              secretSeed: jazzAuth.secretSeed,\n              accountSecret: jazzAuth.accountSecret as any,\n              // If the provider remains 'anonymous', Jazz will not consider us authenticated later.\n              provider: \"better-auth\",\n            };\n\n            const encryptedCredentials = await symmetricEncrypt({\n              key: ctx.context.secret,\n              data: JSON.stringify(credentials),\n            });\n\n            return {\n              context: {\n                ...ctx,\n                jazzAuth: {\n                  accountID: jazzAuth.accountID,\n                  encryptedCredentials: encryptedCredentials,\n                },\n              },\n            };\n          }),\n        },\n\n        /**\n         * For: Social / OAuth2 plugin\n         * /callback is the endpoint that BetterAuth uses to authenticate the user coming from a social provider.\n         * 1. Catch the state\n         * 2. Find the verification value\n         * 3. If the verification value contains a jazzAuth, inject into the context to have it in case of registration.\n         */\n        {\n          matcher: (context) => {\n            return (\n              context.path.startsWith(\"/callback\") ||\n              context.path.startsWith(\"/oauth2/callback\")\n            );\n          },\n          handler: createAuthMiddleware(async (ctx) => {\n            const state = ctx.query?.state || ctx.body?.state;\n\n            const identifier = `${state}-jazz-auth`;\n\n            const data =\n              await ctx.context.internalAdapter.findVerificationValue(\n                identifier,\n              );\n\n            // if not found, the social plugin will throw later anyway\n            if (!data) {\n              throw new APIError(404, {\n                message: \"Verification not found\",\n              });\n            }\n\n            const parsed = JSON.parse(data.value);\n\n            if (parsed && \"jazzAuth\" in parsed) {\n              return {\n                context: {\n                  ...ctx,\n                  jazzAuth: parsed.jazzAuth,\n                },\n              };\n            } else {\n              throw new APIError(404, {\n                message: \"JazzAuth not found in verification value\",\n              });\n            }\n          }),\n        },\n        /**\n         * For: Email OTP plugin\n         * When the user sends an OTP, we try to find the jazzAuth.\n         * If it isn't a sign-up, we expect to not find a verification value.\n         */\n        {\n          matcher: (context) => {\n            return context.path.startsWith(\"/sign-in/email-otp\");\n          },\n          handler: createAuthMiddleware(async (ctx) => {\n            const email = ctx.body.email;\n            const identifier = `sign-in-otp-${email}-jazz-auth`;\n\n            const data =\n              await ctx.context.internalAdapter.findVerificationValue(\n                identifier,\n              );\n\n            // if not found, it isn't a sign-up\n            if (!data || data.expiresAt < new Date()) {\n              return;\n            }\n\n            const parsed = JSON.parse(data.value);\n\n            if (parsed && \"jazzAuth\" in parsed) {\n              return {\n                context: {\n                  ...ctx,\n                  jazzAuth: parsed.jazzAuth,\n                },\n              };\n            } else {\n              throw new APIError(500, {\n                message: \"JazzAuth not found in verification value\",\n              });\n            }\n          }),\n        },\n      ],\n      after: [\n        /**\n         * This middleware is used to extract the jazzAuth from the user and return it in the response.\n         * It is used in the following endpoints that return the user:\n         * - /sign-up/email\n         * - /sign-in/email\n         * - /get-session\n         */\n        {\n          matcher: (context) => {\n            return (\n              context.path.startsWith(\"/sign-up\") ||\n              context.path.startsWith(\"/sign-in\") ||\n              context.path.startsWith(\"/get-session\")\n            );\n          },\n          handler: createAuthMiddleware({}, async (ctx) => {\n            const returned = ctx.context.returned as any;\n            if (!returned?.user?.id) {\n              return;\n            }\n            const jazzAuth = await extractJazzAuth(returned.user.id, ctx);\n\n            return ctx.json({\n              ...returned,\n              jazzAuth: jazzAuth,\n            });\n          }),\n        },\n\n        /**\n         * For: Social / OAuth2 plugin\n         * When the user sign-in via social, we create a verification value with the jazzAuth.\n         */\n        {\n          matcher: (context) => {\n            return context.path.startsWith(\"/sign-in/social\");\n          },\n          handler: createAuthMiddleware(async (ctx) => {\n            if (!contextContainsJazzAuth(ctx)) {\n              throw new APIError(500, {\n                message: \"JazzAuth not found in context\",\n              });\n            }\n\n            const returned = ctx.context.returned as { url: string };\n\n            const url = new URL(returned.url);\n            const state = url.searchParams.get(\"state\");\n\n            const value = JSON.stringify({ jazzAuth: ctx.jazzAuth });\n            const expiresAt = new Date();\n            expiresAt.setMinutes(expiresAt.getMinutes() + 10);\n\n            await ctx.context.internalAdapter.createVerificationValue({\n              value,\n              identifier: `${state}-jazz-auth`,\n              expiresAt,\n            });\n          }),\n        },\n      ],\n    },\n  } satisfies JazzPlugin;\n};\n\nfunction contextContainsJazzAuth(ctx: unknown): ctx is {\n  jazzAuth: {\n    accountID: string;\n    encryptedCredentials: string;\n  };\n} {\n  return !!ctx && typeof ctx === \"object\" && \"jazzAuth\" in ctx;\n}\n\nasync function extractJazzAuth(\n  userId: string,\n  ctx: MiddlewareContext<\n    MiddlewareOptions,\n    AuthContext & {\n      returned?: unknown;\n      responseHeaders?: Headers;\n    }\n  >,\n) {\n  const user = await ctx.context.adapter.findOne<{\n    accountID: string;\n    encryptedCredentials: string;\n  }>({\n    model: ctx.context.tables.user!.modelName,\n    where: [\n      {\n        field: \"id\",\n        operator: \"eq\",\n        value: userId,\n      },\n    ],\n    select: [\"accountID\", \"encryptedCredentials\"],\n  });\n\n  if (!user) {\n    return;\n  }\n\n  const jazzAuth = JSON.parse(\n    await symmetricDecrypt({\n      key: ctx.context.secret,\n      data: user.encryptedCredentials,\n    }),\n  );\n\n  return jazzAuth;\n}\n"],"mappings":";AACA,SAAS,gBAAgB;AACzB,SAAS,kBAAkB,wBAAwB;AACnD,SAA2B,4BAA4B;AAqChD,IAAM,aAA+B,MAAM;AAChD,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,QAAQ;AAAA,MACN,MAAM;AAAA,QACJ,QAAQ;AAAA,UACN,WAAW;AAAA,YACT,MAAM;AAAA,YACN,UAAU;AAAA,YACV,OAAO;AAAA,UACT;AAAA,UACA,sBAAsB;AAAA,YACpB,MAAM;AAAA,YACN,UAAU;AAAA,YACV,OAAO;AAAA,YACP,UAAU;AAAA,UACZ;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IAEA,OAAO;AACL,aAAO;AAAA,QACL,SAAS;AAAA,UACP,eAAe;AAAA,YACb,MAAM;AAAA,cACJ,QAAQ;AAAA,gBACN,QAAQ,OAAO,MAAM,YAAY;AAE/B,sBAAI,CAAC,wBAAwB,OAAO,GAAG;AACrC,0BAAM,IAAI,SAAS,KAAK;AAAA,sBACtB,SAAS;AAAA,oBACX,CAAC;AAAA,kBACH;AAEA,yBAAO;AAAA,oBACL,MAAM;AAAA,sBACJ,WAAW,QAAQ,SAAS;AAAA,sBAC5B,sBACE,QAAQ,SAAS;AAAA,oBACrB;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,cAAc;AAAA,cACZ,QAAQ;AAAA,gBACN,OAAO,OAAO,cAAc,YAAY;AAMtC,sBACE,wBAAwB,OAAO,KAC/B,aAAa,WAAW,WAAW,cAAc,GACjD;AACA,0BAAM,QAAQ,QAAQ,gBAAgB;AAAA,sBACpC;AAAA,wBACE,OAAO,KAAK,UAAU,EAAE,UAAU,QAAQ,SAAS,CAAC;AAAA,wBACpD,YAAY,GAAG,aAAa,UAAU;AAAA,wBACtC,WAAW,aAAa;AAAA,sBAC1B;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,QAKN;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBAAO,CAAC,CAAC,QAAQ,SAAS,IAAI,aAAa;AAAA,UAC7C;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC3C,kBAAM,WAAW,KAAK,MAAM,IAAI,SAAS,IAAI,aAAa,CAAE;AAE5D,kBAAM,cAA+B;AAAA,cACnC,WAAW,SAAS;AAAA,cACpB,YAAY,SAAS;AAAA,cACrB,eAAe,SAAS;AAAA;AAAA,cAExB,UAAU;AAAA,YACZ;AAEA,kBAAM,uBAAuB,MAAM,iBAAiB;AAAA,cAClD,KAAK,IAAI,QAAQ;AAAA,cACjB,MAAM,KAAK,UAAU,WAAW;AAAA,YAClC,CAAC;AAED,mBAAO;AAAA,cACL,SAAS;AAAA,gBACP,GAAG;AAAA,gBACH,UAAU;AAAA,kBACR,WAAW,SAAS;AAAA,kBACpB;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF,CAAC;AAAA,QACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QASA;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBACE,QAAQ,KAAK,WAAW,WAAW,KACnC,QAAQ,KAAK,WAAW,kBAAkB;AAAA,UAE9C;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC3C,kBAAM,QAAQ,IAAI,OAAO,SAAS,IAAI,MAAM;AAE5C,kBAAM,aAAa,GAAG,KAAK;AAE3B,kBAAM,OACJ,MAAM,IAAI,QAAQ,gBAAgB;AAAA,cAChC;AAAA,YACF;AAGF,gBAAI,CAAC,MAAM;AACT,oBAAM,IAAI,SAAS,KAAK;AAAA,gBACtB,SAAS;AAAA,cACX,CAAC;AAAA,YACH;AAEA,kBAAM,SAAS,KAAK,MAAM,KAAK,KAAK;AAEpC,gBAAI,UAAU,cAAc,QAAQ;AAClC,qBAAO;AAAA,gBACL,SAAS;AAAA,kBACP,GAAG;AAAA,kBACH,UAAU,OAAO;AAAA,gBACnB;AAAA,cACF;AAAA,YACF,OAAO;AACL,oBAAM,IAAI,SAAS,KAAK;AAAA,gBACtB,SAAS;AAAA,cACX,CAAC;AAAA,YACH;AAAA,UACF,CAAC;AAAA,QACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QAMA;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBAAO,QAAQ,KAAK,WAAW,oBAAoB;AAAA,UACrD;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC3C,kBAAM,QAAQ,IAAI,KAAK;AACvB,kBAAM,aAAa,eAAe,KAAK;AAEvC,kBAAM,OACJ,MAAM,IAAI,QAAQ,gBAAgB;AAAA,cAChC;AAAA,YACF;AAGF,gBAAI,CAAC,QAAQ,KAAK,YAAY,oBAAI,KAAK,GAAG;AACxC;AAAA,YACF;AAEA,kBAAM,SAAS,KAAK,MAAM,KAAK,KAAK;AAEpC,gBAAI,UAAU,cAAc,QAAQ;AAClC,qBAAO;AAAA,gBACL,SAAS;AAAA,kBACP,GAAG;AAAA,kBACH,UAAU,OAAO;AAAA,gBACnB;AAAA,cACF;AAAA,YACF,OAAO;AACL,oBAAM,IAAI,SAAS,KAAK;AAAA,gBACtB,SAAS;AAAA,cACX,CAAC;AAAA,YACH;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAAA,MACA,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QAQL;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBACE,QAAQ,KAAK,WAAW,UAAU,KAClC,QAAQ,KAAK,WAAW,UAAU,KAClC,QAAQ,KAAK,WAAW,cAAc;AAAA,UAE1C;AAAA,UACA,SAAS,qBAAqB,CAAC,GAAG,OAAO,QAAQ;AAC/C,kBAAM,WAAW,IAAI,QAAQ;AAC7B,gBAAI,CAAC,UAAU,MAAM,IAAI;AACvB;AAAA,YACF;AACA,kBAAM,WAAW,MAAM,gBAAgB,SAAS,KAAK,IAAI,GAAG;AAE5D,mBAAO,IAAI,KAAK;AAAA,cACd,GAAG;AAAA,cACH;AAAA,YACF,CAAC;AAAA,UACH,CAAC;AAAA,QACH;AAAA;AAAA;AAAA;AAAA;AAAA,QAMA;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBAAO,QAAQ,KAAK,WAAW,iBAAiB;AAAA,UAClD;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC3C,gBAAI,CAAC,wBAAwB,GAAG,GAAG;AACjC,oBAAM,IAAI,SAAS,KAAK;AAAA,gBACtB,SAAS;AAAA,cACX,CAAC;AAAA,YACH;AAEA,kBAAM,WAAW,IAAI,QAAQ;AAE7B,kBAAM,MAAM,IAAI,IAAI,SAAS,GAAG;AAChC,kBAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAE1C,kBAAM,QAAQ,KAAK,UAAU,EAAE,UAAU,IAAI,SAAS,CAAC;AACvD,kBAAM,YAAY,oBAAI,KAAK;AAC3B,sBAAU,WAAW,UAAU,WAAW,IAAI,EAAE;AAEhD,kBAAM,IAAI,QAAQ,gBAAgB,wBAAwB;AAAA,cACxD;AAAA,cACA,YAAY,GAAG,KAAK;AAAA,cACpB;AAAA,YACF,CAAC;AAAA,UACH,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,wBAAwB,KAK/B;AACA,SAAO,CAAC,CAAC,OAAO,OAAO,QAAQ,YAAY,cAAc;AAC3D;AAEA,eAAe,gBACb,QACA,KAOA;AACA,QAAM,OAAO,MAAM,IAAI,QAAQ,QAAQ,QAGpC;AAAA,IACD,OAAO,IAAI,QAAQ,OAAO,KAAM;AAAA,IAChC,OAAO;AAAA,MACL;AAAA,QACE,OAAO;AAAA,QACP,UAAU;AAAA,QACV,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,QAAQ,CAAC,aAAa,sBAAsB;AAAA,EAC9C,CAAC;AAED,MAAI,CAAC,MAAM;AACT;AAAA,EACF;AAEA,QAAM,WAAW,KAAK;AAAA,IACpB,MAAM,iBAAiB;AAAA,MACrB,KAAK,IAAI,QAAQ;AAAA,MACjB,MAAM,KAAK;AAAA,IACb,CAAC;AAAA,EACH;AAEA,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../../../src/better-auth/auth/server.ts"],"sourcesContent":["import { AuthContext, MiddlewareContext, MiddlewareOptions } from \"better-auth\";\nimport { APIError } from \"better-auth/api\";\nimport { symmetricDecrypt, symmetricEncrypt } from \"better-auth/crypto\";\nimport { BetterAuthPlugin, createAuthMiddleware } from \"better-auth/plugins\";\nimport type { Account, AuthCredentials, ID } from \"jazz-tools\";\n\n// Define a type to have user fields mapped in the better-auth instance\n// It should be automatic, but it needs an hard reference to BetterAuthPlugin type\n// in order to be exported as library.\ntype JazzPlugin = BetterAuthPlugin & {\n  schema: {\n    user: {\n      fields: {\n        accountID: {\n          type: \"string\";\n          required: false;\n          input: false;\n        };\n        encryptedCredentials: {\n          type: \"string\";\n          required: false;\n          input: false;\n          returned: false;\n        };\n      };\n    };\n  };\n};\n\n/**\n * @returns The BetterAuth server plugin.\n *\n * @example\n * ```ts\n * const auth = betterAuth({\n *   plugins: [jazzPlugin()],\n *   // ... other BetterAuth options\n * });\n * ```\n */\nexport const jazzPlugin: () => JazzPlugin = () => {\n  return {\n    id: \"jazz-plugin\",\n    schema: {\n      user: {\n        fields: {\n          accountID: {\n            type: \"string\",\n            required: false,\n            input: false,\n          },\n          encryptedCredentials: {\n            type: \"string\",\n            required: false,\n            input: false,\n            returned: false,\n          },\n        },\n      },\n    },\n\n    init() {\n      return {\n        options: {\n          databaseHooks: {\n            user: {\n              create: {\n                before: async (user, context) => {\n                  // If the user is created without a jazzAuth, it will throw an error.\n                  if (!contextContainsJazzAuth(context)) {\n                    throw new APIError(422, {\n                      message: \"JazzAuth is required on user creation\",\n                    });\n                  }\n                  // Decorate the user with the jazz's credentials.\n                  return {\n                    data: {\n                      accountID: context.jazzAuth.accountID,\n                      encryptedCredentials:\n                        context.jazzAuth.encryptedCredentials,\n                    },\n                  };\n                },\n              },\n            },\n            verification: {\n              create: {\n                after: async (verification, context) => {\n                  /**\n                   * For: Email OTP plugin\n                   * After a verification is created, if it is from the EmailOTP plugin,\n                   * create a new verification value with the jazzAuth with the same expiration.\n                   */\n                  if (\n                    contextContainsJazzAuth(context) &&\n                    verification.identifier.startsWith(\"sign-in-otp-\")\n                  ) {\n                    const identifier = `jazz-auth-${verification.identifier}`;\n                    await context.context.internalAdapter.deleteVerificationByIdentifier(\n                      identifier,\n                    );\n                    await context.context.internalAdapter.createVerificationValue(\n                      {\n                        value: JSON.stringify({ jazzAuth: context.jazzAuth }),\n                        identifier: identifier,\n                        expiresAt: verification.expiresAt,\n                      },\n                    );\n                  }\n                },\n              },\n            },\n          },\n        },\n      };\n    },\n\n    hooks: {\n      before: [\n        /**\n         * If the client sends a x-jazz-auth header,\n         * we encrypt the credentials and inject them into the context.\n         */\n        {\n          matcher: (context) => {\n            return !!context.headers?.get(\"x-jazz-auth\");\n          },\n          handler: createAuthMiddleware(async (ctx) => {\n            const jazzAuth = JSON.parse(ctx.headers?.get(\"x-jazz-auth\")!);\n\n            const credentials: AuthCredentials = {\n              accountID: jazzAuth.accountID as ID<Account>,\n              secretSeed: jazzAuth.secretSeed,\n              accountSecret: jazzAuth.accountSecret as any,\n              // If the provider remains 'anonymous', Jazz will not consider us authenticated later.\n              provider: \"better-auth\",\n            };\n\n            const encryptedCredentials = await symmetricEncrypt({\n              key: ctx.context.secret,\n              data: JSON.stringify(credentials),\n            });\n\n            return {\n              context: {\n                ...ctx,\n                jazzAuth: {\n                  accountID: jazzAuth.accountID,\n                  encryptedCredentials: encryptedCredentials,\n                },\n              },\n            };\n          }),\n        },\n\n        /**\n         * For: Social / OAuth2 plugin\n         * /callback is the endpoint that BetterAuth uses to authenticate the user coming from a social provider.\n         * 1. Catch the state\n         * 2. Find the verification value\n         * 3. If the verification value contains a jazzAuth, inject into the context to have it in case of registration.\n         */\n        {\n          matcher: (context) => {\n            return (\n              context.path.startsWith(\"/callback\") ||\n              context.path.startsWith(\"/oauth2/callback\")\n            );\n          },\n          handler: createAuthMiddleware(async (ctx) => {\n            const state = ctx.query?.state || ctx.body?.state;\n\n            const identifier = `jazz-auth-${state}`;\n\n            const data =\n              await ctx.context.internalAdapter.findVerificationValue(\n                identifier,\n              );\n\n            // if not found, the social plugin will throw later anyway\n            if (!data) {\n              throw new APIError(404, {\n                message: \"Verification not found\",\n              });\n            }\n\n            const parsed = JSON.parse(data.value);\n\n            if (parsed && \"jazzAuth\" in parsed) {\n              return {\n                context: {\n                  ...ctx,\n                  jazzAuth: parsed.jazzAuth,\n                },\n              };\n            } else {\n              throw new APIError(404, {\n                message: \"JazzAuth not found in verification value\",\n              });\n            }\n          }),\n        },\n        /**\n         * For: Email OTP plugin\n         * When the user sends an OTP, we try to find the jazzAuth.\n         * If it isn't a sign-up, we expect to not find a verification value.\n         */\n        {\n          matcher: (context) => {\n            return context.path.startsWith(\"/sign-in/email-otp\");\n          },\n          handler: createAuthMiddleware(async (ctx) => {\n            const email = ctx.body.email;\n            const identifier = `jazz-auth-sign-in-otp-${email}`;\n\n            const data =\n              await ctx.context.internalAdapter.findVerificationValue(\n                identifier,\n              );\n\n            // if not found, it isn't a sign-up\n            if (!data || data.expiresAt < new Date()) {\n              return;\n            }\n\n            const parsed = JSON.parse(data.value);\n\n            if (parsed && \"jazzAuth\" in parsed) {\n              return {\n                context: {\n                  ...ctx,\n                  jazzAuth: parsed.jazzAuth,\n                },\n              };\n            } else {\n              throw new APIError(500, {\n                message: \"JazzAuth not found in verification value\",\n              });\n            }\n          }),\n        },\n      ],\n      after: [\n        /**\n         * This middleware is used to extract the jazzAuth from the user and return it in the response.\n         * It is used in the following endpoints that return the user:\n         * - /sign-up/email\n         * - /sign-in/email\n         * - /get-session\n         */\n        {\n          matcher: (context) => {\n            return (\n              context.path.startsWith(\"/sign-up\") ||\n              context.path.startsWith(\"/sign-in\") ||\n              context.path.startsWith(\"/get-session\")\n            );\n          },\n          handler: createAuthMiddleware({}, async (ctx) => {\n            const returned = ctx.context.returned as any;\n            if (!returned?.user?.id) {\n              return;\n            }\n            const jazzAuth = await extractJazzAuth(returned.user.id, ctx);\n\n            return ctx.json({\n              ...returned,\n              jazzAuth: jazzAuth,\n            });\n          }),\n        },\n\n        /**\n         * For: Social / OAuth2 plugin\n         * When the user sign-in via social, we create a verification value with the jazzAuth.\n         */\n        {\n          matcher: (context) => {\n            return context.path.startsWith(\"/sign-in/social\");\n          },\n          handler: createAuthMiddleware(async (ctx) => {\n            if (!contextContainsJazzAuth(ctx)) {\n              throw new APIError(500, {\n                message: \"JazzAuth not found in context\",\n              });\n            }\n\n            const returned = ctx.context.returned as { url: string };\n\n            const url = new URL(returned.url);\n            const state = url.searchParams.get(\"state\");\n\n            const value = JSON.stringify({ jazzAuth: ctx.jazzAuth });\n            const expiresAt = new Date();\n            expiresAt.setMinutes(expiresAt.getMinutes() + 10);\n\n            await ctx.context.internalAdapter.createVerificationValue({\n              value,\n              identifier: `jazz-auth-${state}`,\n              expiresAt,\n            });\n          }),\n        },\n      ],\n    },\n  } satisfies JazzPlugin;\n};\n\nfunction contextContainsJazzAuth(ctx: unknown): ctx is {\n  jazzAuth: {\n    accountID: string;\n    encryptedCredentials: string;\n  };\n} {\n  return !!ctx && typeof ctx === \"object\" && \"jazzAuth\" in ctx;\n}\n\nasync function extractJazzAuth(\n  userId: string,\n  ctx: MiddlewareContext<\n    MiddlewareOptions,\n    AuthContext & {\n      returned?: unknown;\n      responseHeaders?: Headers;\n    }\n  >,\n) {\n  const user = await ctx.context.adapter.findOne<{\n    accountID: string;\n    encryptedCredentials: string;\n  }>({\n    model: ctx.context.tables.user!.modelName,\n    where: [\n      {\n        field: \"id\",\n        operator: \"eq\",\n        value: userId,\n      },\n    ],\n    select: [\"accountID\", \"encryptedCredentials\"],\n  });\n\n  if (!user) {\n    return;\n  }\n\n  const jazzAuth = JSON.parse(\n    await symmetricDecrypt({\n      key: ctx.context.secret,\n      data: user.encryptedCredentials,\n    }),\n  );\n\n  return jazzAuth;\n}\n"],"mappings":";AACA,SAAS,gBAAgB;AACzB,SAAS,kBAAkB,wBAAwB;AACnD,SAA2B,4BAA4B;AAqChD,IAAM,aAA+B,MAAM;AAChD,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,QAAQ;AAAA,MACN,MAAM;AAAA,QACJ,QAAQ;AAAA,UACN,WAAW;AAAA,YACT,MAAM;AAAA,YACN,UAAU;AAAA,YACV,OAAO;AAAA,UACT;AAAA,UACA,sBAAsB;AAAA,YACpB,MAAM;AAAA,YACN,UAAU;AAAA,YACV,OAAO;AAAA,YACP,UAAU;AAAA,UACZ;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IAEA,OAAO;AACL,aAAO;AAAA,QACL,SAAS;AAAA,UACP,eAAe;AAAA,YACb,MAAM;AAAA,cACJ,QAAQ;AAAA,gBACN,QAAQ,OAAO,MAAM,YAAY;AAE/B,sBAAI,CAAC,wBAAwB,OAAO,GAAG;AACrC,0BAAM,IAAI,SAAS,KAAK;AAAA,sBACtB,SAAS;AAAA,oBACX,CAAC;AAAA,kBACH;AAEA,yBAAO;AAAA,oBACL,MAAM;AAAA,sBACJ,WAAW,QAAQ,SAAS;AAAA,sBAC5B,sBACE,QAAQ,SAAS;AAAA,oBACrB;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,cAAc;AAAA,cACZ,QAAQ;AAAA,gBACN,OAAO,OAAO,cAAc,YAAY;AAMtC,sBACE,wBAAwB,OAAO,KAC/B,aAAa,WAAW,WAAW,cAAc,GACjD;AACA,0BAAM,aAAa,aAAa,aAAa,UAAU;AACvD,0BAAM,QAAQ,QAAQ,gBAAgB;AAAA,sBACpC;AAAA,oBACF;AACA,0BAAM,QAAQ,QAAQ,gBAAgB;AAAA,sBACpC;AAAA,wBACE,OAAO,KAAK,UAAU,EAAE,UAAU,QAAQ,SAAS,CAAC;AAAA,wBACpD;AAAA,wBACA,WAAW,aAAa;AAAA,sBAC1B;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,QAKN;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBAAO,CAAC,CAAC,QAAQ,SAAS,IAAI,aAAa;AAAA,UAC7C;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC3C,kBAAM,WAAW,KAAK,MAAM,IAAI,SAAS,IAAI,aAAa,CAAE;AAE5D,kBAAM,cAA+B;AAAA,cACnC,WAAW,SAAS;AAAA,cACpB,YAAY,SAAS;AAAA,cACrB,eAAe,SAAS;AAAA;AAAA,cAExB,UAAU;AAAA,YACZ;AAEA,kBAAM,uBAAuB,MAAM,iBAAiB;AAAA,cAClD,KAAK,IAAI,QAAQ;AAAA,cACjB,MAAM,KAAK,UAAU,WAAW;AAAA,YAClC,CAAC;AAED,mBAAO;AAAA,cACL,SAAS;AAAA,gBACP,GAAG;AAAA,gBACH,UAAU;AAAA,kBACR,WAAW,SAAS;AAAA,kBACpB;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,UACF,CAAC;AAAA,QACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QASA;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBACE,QAAQ,KAAK,WAAW,WAAW,KACnC,QAAQ,KAAK,WAAW,kBAAkB;AAAA,UAE9C;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC3C,kBAAM,QAAQ,IAAI,OAAO,SAAS,IAAI,MAAM;AAE5C,kBAAM,aAAa,aAAa,KAAK;AAErC,kBAAM,OACJ,MAAM,IAAI,QAAQ,gBAAgB;AAAA,cAChC;AAAA,YACF;AAGF,gBAAI,CAAC,MAAM;AACT,oBAAM,IAAI,SAAS,KAAK;AAAA,gBACtB,SAAS;AAAA,cACX,CAAC;AAAA,YACH;AAEA,kBAAM,SAAS,KAAK,MAAM,KAAK,KAAK;AAEpC,gBAAI,UAAU,cAAc,QAAQ;AAClC,qBAAO;AAAA,gBACL,SAAS;AAAA,kBACP,GAAG;AAAA,kBACH,UAAU,OAAO;AAAA,gBACnB;AAAA,cACF;AAAA,YACF,OAAO;AACL,oBAAM,IAAI,SAAS,KAAK;AAAA,gBACtB,SAAS;AAAA,cACX,CAAC;AAAA,YACH;AAAA,UACF,CAAC;AAAA,QACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QAMA;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBAAO,QAAQ,KAAK,WAAW,oBAAoB;AAAA,UACrD;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC3C,kBAAM,QAAQ,IAAI,KAAK;AACvB,kBAAM,aAAa,yBAAyB,KAAK;AAEjD,kBAAM,OACJ,MAAM,IAAI,QAAQ,gBAAgB;AAAA,cAChC;AAAA,YACF;AAGF,gBAAI,CAAC,QAAQ,KAAK,YAAY,oBAAI,KAAK,GAAG;AACxC;AAAA,YACF;AAEA,kBAAM,SAAS,KAAK,MAAM,KAAK,KAAK;AAEpC,gBAAI,UAAU,cAAc,QAAQ;AAClC,qBAAO;AAAA,gBACL,SAAS;AAAA,kBACP,GAAG;AAAA,kBACH,UAAU,OAAO;AAAA,gBACnB;AAAA,cACF;AAAA,YACF,OAAO;AACL,oBAAM,IAAI,SAAS,KAAK;AAAA,gBACtB,SAAS;AAAA,cACX,CAAC;AAAA,YACH;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAAA,MACA,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QAQL;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBACE,QAAQ,KAAK,WAAW,UAAU,KAClC,QAAQ,KAAK,WAAW,UAAU,KAClC,QAAQ,KAAK,WAAW,cAAc;AAAA,UAE1C;AAAA,UACA,SAAS,qBAAqB,CAAC,GAAG,OAAO,QAAQ;AAC/C,kBAAM,WAAW,IAAI,QAAQ;AAC7B,gBAAI,CAAC,UAAU,MAAM,IAAI;AACvB;AAAA,YACF;AACA,kBAAM,WAAW,MAAM,gBAAgB,SAAS,KAAK,IAAI,GAAG;AAE5D,mBAAO,IAAI,KAAK;AAAA,cACd,GAAG;AAAA,cACH;AAAA,YACF,CAAC;AAAA,UACH,CAAC;AAAA,QACH;AAAA;AAAA;AAAA;AAAA;AAAA,QAMA;AAAA,UACE,SAAS,CAAC,YAAY;AACpB,mBAAO,QAAQ,KAAK,WAAW,iBAAiB;AAAA,UAClD;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC3C,gBAAI,CAAC,wBAAwB,GAAG,GAAG;AACjC,oBAAM,IAAI,SAAS,KAAK;AAAA,gBACtB,SAAS;AAAA,cACX,CAAC;AAAA,YACH;AAEA,kBAAM,WAAW,IAAI,QAAQ;AAE7B,kBAAM,MAAM,IAAI,IAAI,SAAS,GAAG;AAChC,kBAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAE1C,kBAAM,QAAQ,KAAK,UAAU,EAAE,UAAU,IAAI,SAAS,CAAC;AACvD,kBAAM,YAAY,oBAAI,KAAK;AAC3B,sBAAU,WAAW,UAAU,WAAW,IAAI,EAAE;AAEhD,kBAAM,IAAI,QAAQ,gBAAgB,wBAAwB;AAAA,cACxD;AAAA,cACA,YAAY,aAAa,KAAK;AAAA,cAC9B;AAAA,YACF,CAAC;AAAA,UACH,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,wBAAwB,KAK/B;AACA,SAAO,CAAC,CAAC,OAAO,OAAO,QAAQ,YAAY,cAAc;AAC3D;AAEA,eAAe,gBACb,QACA,KAOA;AACA,QAAM,OAAO,MAAM,IAAI,QAAQ,QAAQ,QAGpC;AAAA,IACD,OAAO,IAAI,QAAQ,OAAO,KAAM;AAAA,IAChC,OAAO;AAAA,MACL;AAAA,QACE,OAAO;AAAA,QACP,UAAU;AAAA,QACV,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,QAAQ,CAAC,aAAa,sBAAsB;AAAA,EAC9C,CAAC;AAED,MAAI,CAAC,MAAM;AACT;AAAA,EACF;AAEA,QAAM,WAAW,KAAK;AAAA,IACpB,MAAM,iBAAiB;AAAA,MACrB,KAAK,IAAI,QAAQ;AAAA,MACjB,MAAM,KAAK;AAAA,IACb,CAAC;AAAA,EACH;AAEA,SAAO;AACT;","names":[]}

package/dist/{chunk-45VKEOXG.js → chunk-QF3R3C4N.js}

@@ -162,6 +162,32 @@ var CoValueJazzApi = class {
     }
     return new AnonymousJazzAgent(this.localNode);
   }
+  /**
+   * The timestamp of the creation time of the CoValue
+   *
+   * @category Content
+   */
+  get createdAt() {
+    const createdAt = this.raw.core.verified.header.meta?.createdAt;
+    if (typeof createdAt === "string") {
+      return new Date(createdAt).getTime();
+    }
+    return this.raw.core.earliestTxMadeAt;
+  }
+  /**
+   * The timestamp of the last updated time of the CoValue
+   *
+   * Returns the creation time if there are no updates.
+   *
+   * @category Content
+   */
+  get lastUpdatedAt() {
+    const value = this.raw.core.latestTxMadeAt;
+    if (value === 0) {
+      return this.createdAt;
+    }
+    return value;
+  }
 };
 
 // src/tools/implementation/inspect.ts
@@ -679,22 +705,6 @@ var CoMapJazzApi = class extends CoValueJazzApi {
   get raw() {
     return this.getRaw();
   }
-  /**
-   * The timestamp of the creation time of the CoMap
-   *
-   * @category Content
-   */
-  get createdAt() {
-    return this.raw.earliestTxMadeAt ?? Number.MAX_SAFE_INTEGER;
-  }
-  /**
-   * The timestamp of the last updated time of the CoMap
-   *
-   * @category Content
-   */
-  get lastUpdatedAt() {
-    return this.raw.latestTxMadeAt;
-  }
   /** @internal */
   get schema() {
     return this.coMap.constructor._schema;
@@ -1437,6 +1447,39 @@ var CoListProxyHandler = {
     } else {
       return Reflect.has(target, key);
     }
+  },
+  ownKeys(target) {
+    const keys = Reflect.ownKeys(target);
+    const indexKeys = target.$jazz.raw.entries().map((_entry, i) => String(i));
+    keys.push(...indexKeys);
+    return keys;
+  },
+  getOwnPropertyDescriptor(target, key) {
+    if (key === TypeSym) {
+      return {
+        enumerable: false,
+        configurable: true,
+        writable: false,
+        value: target[TypeSym]
+      };
+    } else if (key in target) {
+      return Reflect.getOwnPropertyDescriptor(target, key);
+    } else if (typeof key === "string" && !isNaN(+key)) {
+      const index = Number(key);
+      if (index >= 0 && index < target.$jazz.raw.entries().length) {
+        return {
+          enumerable: true,
+          configurable: true,
+          writable: true
+        };
+      }
+    } else if (key === "length") {
+      return {
+        enumerable: false,
+        configurable: false,
+        writable: false
+      };
+    }
   }
 };
 
@@ -4201,7 +4244,8 @@ async function createJazzContextFromExistingCredentials({
   storage,
   AccountSchema: PropsAccountSchema,
   sessionProvider,
-  onLogOut
+  onLogOut,
+  asActiveAccount
 }) {
   const { sessionID, sessionDone } = await sessionProvider(
     credentials.accountID,
@@ -4218,12 +4262,16 @@ async function createJazzContextFromExistingCredentials({
     storage,
     migration: async (rawAccount, _node, creationProps) => {
       const account2 = AccountClass.fromRaw(rawAccount);
-      activeAccountContext.set(account2);
+      if (asActiveAccount) {
+        activeAccountContext.set(account2);
+      }
       await account2.applyMigration(creationProps);
     }
   });
   const account = AccountClass.fromNode(node);
-  activeAccountContext.set(account);
+  if (asActiveAccount) {
+    activeAccountContext.set(account);
+  }
   return {
     node,
     account,
@@ -4294,7 +4342,8 @@ async function createJazzContext(options) {
       onLogOut: () => {
         authSecretStorage.clearWithoutNotify();
       },
-      storage: options.storage
+      storage: options.storage,
+      asActiveAccount: true
     });
   } else {
     const secretSeed = options.crypto.newRandomSecretSeed();
@@ -4645,9 +4694,13 @@ function enrichCoMapSchema(schema, coValueClass) {
       }
       return coMapDefiner(pickedShape);
     },
-    partial: () => {
+    partial: (keys) => {
       const partialShape = {};
       for (const [key, value] of Object.entries(coValueSchema.shape)) {
+        if (keys && !keys[key]) {
+          partialShape[key] = value;
+          continue;
+        }
         if (isAnyCoValueSchema2(value)) {
           partialShape[key] = coOptionalDefiner(value);
         } else {
@@ -5858,4 +5911,4 @@ export {
   JazzContextManager
 };
 /* istanbul ignore file -- @preserve */
-//# sourceMappingURL=chunk-45VKEOXG.js.map
+//# sourceMappingURL=chunk-QF3R3C4N.js.map