kitcn 0.12.27 → 0.13.1

package/dist/auth/index.d.ts

@@ -1,16 +1,19 @@
-import { a as QueryCtxWithPreferredOrmQueryTable, n as LookupByIdResultByCtx, t as DocByCtx } from "../query-context-CFZqIvD7.js";
-import { t as GetAuth } from "../types-BiJE7qxR.js";
-import { t as GenericCtx } from "../context-utils-BvWW0Ilq.js";
-import { S as defineAuth, _ as GenericAuthBeforeResult, a as AuthFunctions, b as GenericAuthTriggerHandlers, c as createApi, d as deleteOneHandler, f as findManyHandler, g as BetterAuthOptionsWithoutDatabase, h as updateOneHandler, i as getGeneratedAuthDisabledReason, l as createHandler, m as updateManyHandler, n as GeneratedAuthDisabledReasonKind, o as Triggers, p as findOneHandler, r as createDisabledAuthRuntime, s as createClient, t as AuthRuntime, u as deleteManyHandler, v as GenericAuthDefinition, x as GenericAuthTriggers, y as GenericAuthTriggerChange } from "../generated-contract-disabled-21YxPk5W.js";
+import { a as QueryCtxWithPreferredOrmQueryTable, n as LookupByIdResultByCtx, t as DocByCtx } from "../query-context-CNo9ffvI.js";
+import { t as GetAuth } from "../types-BCl8gfGy.js";
+import { t as GenericCtx } from "../context-utils-OMkMGhBk.js";
+import { S as defineAuth, _ as GenericAuthBeforeResult, a as AuthFunctions, b as GenericAuthTriggerHandlers, c as createApi, d as deleteOneHandler, f as findManyHandler, g as BetterAuthOptionsWithoutDatabase, h as updateOneHandler, i as getGeneratedAuthDisabledReason, l as createHandler, m as updateManyHandler, n as GeneratedAuthDisabledReasonKind, o as Triggers, p as findOneHandler, r as createDisabledAuthRuntime, s as createClient, t as AuthRuntime, u as deleteManyHandler, v as GenericAuthDefinition, x as GenericAuthTriggers, y as GenericAuthTriggerChange } from "../generated-contract-disabled-C_-KWRfT.js";
 import * as convex_values0 from "convex/values";
 import { Infer } from "convex/values";
-import { DocumentByName, GenericDataModel, GenericMutationCtx, GenericQueryCtx, GenericSchema, PaginationOptions, PaginationResult, SchemaDefinition, TableNamesInDataModel } from "convex/server";
-import { convex } from "@convex-dev/better-auth/plugins";
+import { AuthConfig, DocumentByName, GenericDataModel, GenericMutationCtx, GenericQueryCtx, GenericSchema, PaginationOptions, PaginationResult, SchemaDefinition, TableNamesInDataModel } from "convex/server";
 import * as better_auth_adapters0 from "better-auth/adapters";
 import { DBAdapterDebugLogOption } from "better-auth/adapters";
 import { BetterAuthDBSchema } from "better-auth/db";
 import { BetterAuthOptions } from "better-auth/minimal";
+import * as better_auth_api0 from "better-auth/api";
+import * as better_auth_plugins_oidc_provider0 from "better-auth/plugins/oidc-provider";
+import * as jose from "jose";
 import * as better_auth0 from "better-auth";
+import { Session, User } from "better-auth";
 import { Where } from "better-auth/types";
 import { SetOptional } from "type-fest";
 
@@ -103,6 +106,7 @@ type AdapterPaginationOptions = PaginationOptions & {
   maximumRowsRead?: number;
 };
 declare const adapterWhereValidator: convex_values0.VObject<{
+  mode?: "sensitive" | "insensitive" | undefined;
   connector?: "AND" | "OR" | undefined;
   operator?: "lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined;
   value: string | number | boolean | string[] | number[] | null;
@@ -110,12 +114,14 @@ declare const adapterWhereValidator: convex_values0.VObject<{
 }, {
   connector: convex_values0.VUnion<"AND" | "OR" | undefined, [convex_values0.VLiteral<"AND", "required">, convex_values0.VLiteral<"OR", "required">], "optional", never>;
   field: convex_values0.VString<string, "required">;
+  mode: convex_values0.VUnion<"sensitive" | "insensitive" | undefined, [convex_values0.VLiteral<"sensitive", "required">, convex_values0.VLiteral<"insensitive", "required">], "optional", never>;
   operator: convex_values0.VUnion<"lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined, [convex_values0.VLiteral<"lt", "required">, convex_values0.VLiteral<"lte", "required">, convex_values0.VLiteral<"gt", "required">, convex_values0.VLiteral<"gte", "required">, convex_values0.VLiteral<"eq", "required">, convex_values0.VLiteral<"in", "required">, convex_values0.VLiteral<"not_in", "required">, convex_values0.VLiteral<"ne", "required">, convex_values0.VLiteral<"contains", "required">, convex_values0.VLiteral<"starts_with", "required">, convex_values0.VLiteral<"ends_with", "required">], "optional", never>;
   value: convex_values0.VUnion<string | number | boolean | string[] | number[] | null, [convex_values0.VString<string, "required">, convex_values0.VFloat64<number, "required">, convex_values0.VBoolean<boolean, "required">, convex_values0.VArray<string[], convex_values0.VString<string, "required">, "required">, convex_values0.VArray<number[], convex_values0.VFloat64<number, "required">, "required">, convex_values0.VNull<null, "required">], "required", never>;
-}, "required", "value" | "connector" | "field" | "operator">;
+}, "required", "mode" | "value" | "connector" | "field" | "operator">;
 declare const adapterArgsValidator: convex_values0.VObject<{
   select?: string[] | undefined;
   where?: {
+    mode?: "sensitive" | "insensitive" | undefined;
     connector?: "AND" | "OR" | undefined;
     operator?: "lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined;
     value: string | number | boolean | string[] | number[] | null;
@@ -141,11 +147,13 @@ declare const adapterArgsValidator: convex_values0.VObject<{
     field: convex_values0.VString<string, "required">;
   }, "optional", "field" | "direction">;
   where: convex_values0.VArray<{
+    mode?: "sensitive" | "insensitive" | undefined;
     connector?: "AND" | "OR" | undefined;
     operator?: "lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined;
     value: string | number | boolean | string[] | number[] | null;
     field: string;
   }[] | undefined, convex_values0.VObject<{
+    mode?: "sensitive" | "insensitive" | undefined;
     connector?: "AND" | "OR" | undefined;
     operator?: "lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined;
     value: string | number | boolean | string[] | number[] | null;
@@ -153,9 +161,10 @@ declare const adapterArgsValidator: convex_values0.VObject<{
   }, {
     connector: convex_values0.VUnion<"AND" | "OR" | undefined, [convex_values0.VLiteral<"AND", "required">, convex_values0.VLiteral<"OR", "required">], "optional", never>;
     field: convex_values0.VString<string, "required">;
+    mode: convex_values0.VUnion<"sensitive" | "insensitive" | undefined, [convex_values0.VLiteral<"sensitive", "required">, convex_values0.VLiteral<"insensitive", "required">], "optional", never>;
     operator: convex_values0.VUnion<"lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined, [convex_values0.VLiteral<"lt", "required">, convex_values0.VLiteral<"lte", "required">, convex_values0.VLiteral<"gt", "required">, convex_values0.VLiteral<"gte", "required">, convex_values0.VLiteral<"eq", "required">, convex_values0.VLiteral<"in", "required">, convex_values0.VLiteral<"not_in", "required">, convex_values0.VLiteral<"ne", "required">, convex_values0.VLiteral<"contains", "required">, convex_values0.VLiteral<"starts_with", "required">, convex_values0.VLiteral<"ends_with", "required">], "optional", never>;
     value: convex_values0.VUnion<string | number | boolean | string[] | number[] | null, [convex_values0.VString<string, "required">, convex_values0.VFloat64<number, "required">, convex_values0.VBoolean<boolean, "required">, convex_values0.VArray<string[], convex_values0.VString<string, "required">, "required">, convex_values0.VArray<number[], convex_values0.VFloat64<number, "required">, "required">, convex_values0.VNull<null, "required">], "required", never>;
-  }, "required", "value" | "connector" | "field" | "operator">, "optional">;
+  }, "required", "mode" | "value" | "connector" | "field" | "operator">, "optional">;
 }, "required", "model" | "select" | "where" | "limit" | "offset" | "sortBy" | "sortBy.field" | "sortBy.direction">;
 declare const hasUniqueFields: (betterAuthSchema: BetterAuthDBSchema, model: string, input: Record<string, any>) => boolean;
 declare const checkUniqueFields: <Schema extends SchemaDefinition<any, any>>(ctx: GenericQueryCtx<GenericDataModel>, schema: Schema, betterAuthSchema: BetterAuthDBSchema, table: string, input: Record<string, any>, doc?: Record<string, any>) => Promise<void>;
@@ -218,4 +227,279 @@ declare function getSession<TCtx extends GenericQueryCtx<any>>(ctx: TCtx & Sessi
 declare const getSessionNetworkSignals: <TCtx extends GenericQueryCtx<any>>(ctx: TCtx & QueryCtxWithPreferredOrmQueryTable<TCtx, "session">, session?: SessionResult<TCtx> | null) => Promise<SessionClientSignals>;
 declare const getHeaders: <TCtx extends GenericQueryCtx<any>>(ctx: TCtx & QueryCtxWithPreferredOrmQueryTable<TCtx, "session">, session?: SessionResult<TCtx> | null) => Promise<Headers>;
 //#endregion
+//#region src/auth/internal/convex-plugin.d.ts
+declare const convex: (opts: {
+  authConfig: AuthConfig;
+  jwks?: string;
+  jwksRotateOnTokenGenerationError?: boolean;
+  jwt?: {
+    definePayload?: (session: {
+      session: Session & Record<string, any>;
+      user: User & Record<string, any>;
+    }) => Promise<Record<string, any>> | Record<string, any> | undefined;
+    expirationSeconds?: number;
+  };
+  /**
+   * @deprecated Use jwt.expirationSeconds instead.
+   */
+  jwtExpirationSeconds?: number;
+  options?: BetterAuthOptions;
+}) => {
+  id: "convex";
+  init: (ctx: better_auth0.AuthContext) => void;
+  hooks: {
+    before: ({
+      matcher(context: better_auth0.HookEndpointContext): boolean;
+      handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
+        context: {
+          headers: Headers;
+        };
+      } | undefined>;
+    } | {
+      matcher: (ctx: better_auth0.HookEndpointContext) => boolean;
+      handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
+        context: better_auth0.MiddlewareContext<better_auth0.MiddlewareOptions, {
+          returned?: unknown | undefined;
+          responseHeaders?: Headers | undefined;
+        } & better_auth0.PluginContext<BetterAuthOptions> & better_auth0.InfoContext & {
+          options: BetterAuthOptions;
+          trustedOrigins: string[];
+          trustedProviders: string[];
+          isTrustedOrigin: (url: string, settings?: {
+            allowRelativePaths: boolean;
+          }) => boolean;
+          oauthConfig: {
+            skipStateCookieCheck?: boolean | undefined;
+            storeStateStrategy: "database" | "cookie";
+          };
+          newSession: {
+            session: {
+              id: string;
+              createdAt: Date;
+              updatedAt: Date;
+              userId: string;
+              expiresAt: Date;
+              token: string;
+              ipAddress?: string | null | undefined;
+              userAgent?: string | null | undefined;
+            } & Record<string, any>;
+            user: {
+              id: string;
+              createdAt: Date;
+              updatedAt: Date;
+              email: string;
+              emailVerified: boolean;
+              name: string;
+              image?: string | null | undefined;
+            } & Record<string, any>;
+          } | null;
+          session: {
+            session: {
+              id: string;
+              createdAt: Date;
+              updatedAt: Date;
+              userId: string;
+              expiresAt: Date;
+              token: string;
+              ipAddress?: string | null | undefined;
+              userAgent?: string | null | undefined;
+            } & Record<string, any>;
+            user: {
+              id: string;
+              createdAt: Date;
+              updatedAt: Date;
+              email: string;
+              emailVerified: boolean;
+              name: string;
+              image?: string | null | undefined;
+            } & Record<string, any>;
+          } | null;
+          setNewSession: (session: {
+            session: {
+              id: string;
+              createdAt: Date;
+              updatedAt: Date;
+              userId: string;
+              expiresAt: Date;
+              token: string;
+              ipAddress?: string | null | undefined;
+              userAgent?: string | null | undefined;
+            } & Record<string, any>;
+            user: {
+              id: string;
+              createdAt: Date;
+              updatedAt: Date;
+              email: string;
+              emailVerified: boolean;
+              name: string;
+              image?: string | null | undefined;
+            } & Record<string, any>;
+          } | null) => void;
+          socialProviders: better_auth0.OAuthProvider[];
+          authCookies: better_auth0.BetterAuthCookies;
+          logger: ReturnType<(options?: better_auth0.Logger | undefined) => better_auth0.InternalLogger>;
+          rateLimit: {
+            enabled: boolean;
+            window: number;
+            max: number;
+            storage: "memory" | "database" | "secondary-storage";
+          } & Omit<better_auth0.BetterAuthRateLimitOptions, "enabled" | "window" | "max" | "storage">;
+          adapter: better_auth0.DBAdapter<BetterAuthOptions>;
+          internalAdapter: better_auth0.InternalAdapter<BetterAuthOptions>;
+          createAuthCookie: (cookieName: string, overrideAttributes?: Partial<better_auth0.CookieOptions> | undefined) => better_auth0.BetterAuthCookie;
+          secret: string;
+          secretConfig: string | better_auth0.SecretConfig;
+          sessionConfig: {
+            updateAge: number;
+            expiresIn: number;
+            freshAge: number;
+            cookieRefreshCache: false | {
+              enabled: true;
+              updateAge: number;
+            };
+          };
+          generateId: (options: {
+            model: better_auth0.ModelNames;
+            size?: number | undefined;
+          }) => string | false;
+          secondaryStorage: better_auth0.SecondaryStorage | undefined;
+          password: {
+            hash: (password: string) => Promise<string>;
+            verify: (data: {
+              password: string;
+              hash: string;
+            }) => Promise<boolean>;
+            config: {
+              minPasswordLength: number;
+              maxPasswordLength: number;
+            };
+            checkPassword: (userId: string, ctx: better_auth0.GenericEndpointContext<BetterAuthOptions>) => Promise<boolean>;
+          };
+          tables: better_auth0.BetterAuthDBSchema;
+          runMigrations: () => Promise<void>;
+          publishTelemetry: (event: {
+            type: string;
+            anonymousId?: string | undefined;
+            payload: Record<string, any>;
+          }) => Promise<void>;
+          skipOriginCheck: boolean | string[];
+          skipCSRFCheck: boolean;
+          runInBackground: (promise: Promise<unknown>) => void;
+          runInBackgroundOrAwait: (promise: Promise<unknown> | void) => better_auth0.Awaitable<unknown>;
+        }>;
+      }>;
+    })[];
+    after: {
+      matcher: (context: better_auth0.HookEndpointContext) => boolean;
+      handler: better_auth_api0.AuthMiddleware;
+    }[];
+  };
+  endpoints: {
+    getOpenIdConfig: better_auth0.StrictEndpoint<"/convex/.well-known/openid-configuration", {
+      method: "GET";
+      metadata: {
+        isAction: false;
+      };
+    }, better_auth_plugins_oidc_provider0.OIDCMetadata>;
+    getJwks: better_auth0.StrictEndpoint<"/convex/jwks", {
+      method: "GET";
+      metadata: {
+        openapi: {
+          description: string;
+          responses: {
+            '200': {
+              description: string;
+            };
+          };
+        };
+      };
+    }, jose.JSONWebKeySet>;
+    getLatestJwks: better_auth0.StrictEndpoint<"/convex/latest-jwks", {
+      isAction: boolean;
+      method: "POST";
+      metadata: {
+        SERVER_ONLY: true;
+        openapi: {
+          description: string;
+        };
+      };
+    }, any[]>;
+    rotateKeys: better_auth0.StrictEndpoint<"/convex/rotate-keys", {
+      isAction: boolean;
+      method: "POST";
+      metadata: {
+        SERVER_ONLY: true;
+        openapi: {
+          description: string;
+        };
+      };
+    }, any[]>;
+    getToken: better_auth0.StrictEndpoint<"/convex/token", {
+      method: "GET";
+      requireHeaders: true;
+      use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
+        session: {
+          session: Record<string, any> & {
+            id: string;
+            createdAt: Date;
+            updatedAt: Date;
+            userId: string;
+            expiresAt: Date;
+            token: string;
+            ipAddress?: string | null | undefined;
+            userAgent?: string | null | undefined;
+          };
+          user: Record<string, any> & {
+            id: string;
+            createdAt: Date;
+            updatedAt: Date;
+            email: string;
+            emailVerified: boolean;
+            name: string;
+            image?: string | null | undefined;
+          };
+        };
+      }>)[];
+      metadata: {
+        openapi: {
+          description: string;
+        };
+      };
+    }, {
+      token: string;
+    }>;
+  };
+  schema: {
+    jwks: {
+      fields: {
+        publicKey: {
+          type: "string";
+          required: true;
+        };
+        privateKey: {
+          type: "string";
+          required: true;
+        };
+        createdAt: {
+          type: "date";
+          required: true;
+        };
+        expiresAt: {
+          type: "date";
+          required: false;
+        };
+      };
+    };
+    user: {
+      readonly fields: {
+        readonly userId: {
+          readonly type: "string";
+          readonly required: false;
+          readonly input: false;
+        };
+      };
+    };
+  };
+};
+//#endregion
 export { type AuthFunctions, type AuthRuntime, BetterAuthOptionsWithoutDatabase, ConvexCleanedWhere, type GeneratedAuthDisabledReasonKind, GenericAuthBeforeResult, GenericAuthDefinition, GenericAuthTriggerChange, GenericAuthTriggerHandlers, GenericAuthTriggers, GetAuth, SessionClientSignals, type Triggers, adapterArgsValidator, adapterConfig, adapterWhereValidator, checkUniqueFields, convex, createApi, createAuthRuntime, createClient, createDisabledAuthRuntime, createHandler, dbAdapter, defineAuth, deleteManyHandler, deleteOneHandler, findManyHandler, findOneHandler, getAuthUserId, getAuthUserIdentity, getGeneratedAuthDisabledReason, getHeaders, getInvalidAuthDefinitionExportReason, getSession, getSessionNetworkSignals, handlePagination, hasUniqueFields, httpAdapter, listOne, paginate, resolveGeneratedAuthDefinition, selectFields, updateManyHandler, updateOneHandler };

package/dist/auth/index.js

@@ -1,11 +1,12 @@
-import { r as partial, s as asyncMap } from "../validators-B7oIJCAp.js";
-import { i as defineAuth, n as createDisabledAuthRuntime, r as getGeneratedAuthDisabledReason, t as DEFAULT_AUTH_DEFINITION_PATH } from "../generated-contract-disabled-Cih4eITO.js";
-import { n as createGeneratedFunctionReference, o as isQueryCtx, s as isRunMutationCtx } from "../api-entry-BUAh_K4k.js";
-import { n as customCtx, r as customMutation } from "../customFunctions-C0voKmtx.js";
-import { a as mergedStream, l as unsetToken, o as stream, t as getByIdWithOrmQueryFallback, v as eq } from "../query-context-B8o6-8kC.js";
+import { n as asyncMap } from "../upstream-BR6sBLg3.js";
+import { r as partial } from "../validators-C7LelqTN.js";
+import { i as defineAuth, n as createDisabledAuthRuntime, r as getGeneratedAuthDisabledReason, t as DEFAULT_AUTH_DEFINITION_PATH } from "../generated-contract-disabled-BXaz7JCE.js";
+import { n as createGeneratedFunctionReference, o as isQueryCtx, s as isRunMutationCtx } from "../api-entry-N3nBOlI2.js";
+import { n as customCtx, r as customMutation } from "../customFunctions-DxEEO4Dq.js";
+import { a as mergedStream, l as unsetToken, o as stream, t as getByIdWithOrmQueryFallback, v as eq } from "../query-context-ydn9kb6P.js";
+import { n as convex } from "../convex-plugin-C3N9BB-J.js";
 import { v } from "convex/values";
 import { internalActionGeneric, internalMutationGeneric, internalQueryGeneric, paginationOptsValidator } from "convex/server";
-import { convex } from "@convex-dev/better-auth/plugins";
 import { createAdapterFactory } from "better-auth/adapters";
 import { getAuthTables } from "better-auth/db";
 import { prop, sortBy } from "remeda";
@@ -16,6 +17,7 @@ import { betterAuth } from "better-auth/minimal";
 const adapterWhereValidator = v.object({
 	connector: v.optional(v.union(v.literal("AND"), v.literal("OR"))),
 	field: v.string(),
+	mode: v.optional(v.union(v.literal("sensitive"), v.literal("insensitive"))),
 	operator: v.optional(v.union(v.literal("lt"), v.literal("lte"), v.literal("gt"), v.literal("gte"), v.literal("eq"), v.literal("in"), v.literal("not_in"), v.literal("ne"), v.literal("contains"), v.literal("starts_with"), v.literal("ends_with"))),
 	value: v.union(v.string(), v.number(), v.boolean(), v.array(v.string()), v.array(v.number()), v.null())
 });
@@ -41,7 +43,7 @@ const hasUniqueFields = (betterAuthSchema, model, input) => {
 };
 const findIndex = (schema, args) => {
 	if ((args.where?.length ?? 0) > 1 && args.where?.some((w) => w.connector === "OR")) throw new Error(`OR connector not supported with multiple where statements in findIndex, split up the where statements before calling findIndex: ${JSON.stringify(args.where)}`);
-	const where = args.where?.filter((w) => (!w.operator || [
+	const where = args.where?.filter((w) => w.mode !== "insensitive" && (!w.operator || [
 		"eq",
 		"gt",
 		"gte",
@@ -66,7 +68,7 @@ const findIndex = (schema, args) => {
 	if (!table) throw new Error(`Table ${args.model} not found`);
 	const indexes = table[" indexes"] ? table[" indexes"]() : table.export().indexes;
 	const sortField = args.sortBy?.field;
-	const indexFields = indexEqFields.map(([field]) => field).concat(boundField && boundField !== "createdAt" ? `${indexEqFields.length > 0 ? "_" : ""}${boundField}` : "").concat(sortField && sortField !== "createdAt" && boundField !== sortField ? `${indexEqFields.length > 0 || boundField ? "_" : ""}${sortField}` : "").filter(Boolean);
+	const indexFields = indexEqFields.map(([field]) => field).concat(boundField && boundField !== "createdAt" ? boundField : "").concat(sortField && sortField !== "createdAt" && boundField !== sortField ? sortField : "").filter(Boolean);
 	if (indexFields.length === 0 && !boundField && !sortField) return;
 	const index = indexFields.length === 0 ? {
 		fields: [],
@@ -124,30 +126,34 @@ const filterByWhere = (doc, where, filterWhere) => {
 	for (const w of where ?? []) {
 		if (filterWhere && !filterWhere(w)) continue;
 		const value = doc[w.field];
+		const normalizeString = (input) => w.mode === "insensitive" ? input.toLowerCase() : input;
+		const normalizeComparable = (input) => typeof input === "string" ? normalizeString(input) : input;
 		const isLessThan = (val, wVal) => {
 			if (wVal === void 0 || wVal === null) return false;
 			if (val === void 0 || val === null) return true;
-			return val < wVal;
+			return normalizeComparable(val) < normalizeComparable(wVal);
 		};
 		const isGreaterThan = (val, wVal) => {
 			if (val === void 0 || val === null) return false;
 			if (wVal === void 0 || wVal === null) return true;
-			return val > wVal;
+			return normalizeComparable(val) > normalizeComparable(wVal);
 		};
 		const filter = (w) => {
+			const comparableValue = normalizeComparable(value);
+			const comparableWhereValue = normalizeComparable(w.value);
 			switch (w.operator) {
-				case "contains": return typeof value === "string" && value.includes(w.value);
-				case "ends_with": return typeof value === "string" && value.endsWith(w.value);
+				case "contains": return typeof comparableValue === "string" && typeof comparableWhereValue === "string" && comparableValue.includes(comparableWhereValue);
+				case "ends_with": return typeof comparableValue === "string" && typeof comparableWhereValue === "string" && comparableValue.endsWith(comparableWhereValue);
 				case "eq":
-				case void 0: return value === w.value;
+				case void 0: return comparableValue === comparableWhereValue;
 				case "gt": return isGreaterThan(value, w.value);
-				case "gte": return value === w.value || isGreaterThan(value, w.value);
-				case "in": return Array.isArray(w.value) && w.value.includes(value);
+				case "gte": return comparableValue === comparableWhereValue || isGreaterThan(value, w.value);
+				case "in": return Array.isArray(w.value) && w.value.some((candidate) => normalizeComparable(candidate) === comparableValue);
 				case "lt": return isLessThan(value, w.value);
-				case "lte": return value === w.value || isLessThan(value, w.value);
-				case "ne": return value !== w.value;
-				case "not_in": return Array.isArray(w.value) && !w.value.includes(value);
-				case "starts_with": return typeof value === "string" && value.startsWith(w.value);
+				case "lte": return comparableValue === comparableWhereValue || isLessThan(value, w.value);
+				case "ne": return comparableValue !== comparableWhereValue;
+				case "not_in": return Array.isArray(w.value) && !w.value.some((candidate) => normalizeComparable(candidate) === comparableValue);
+				case "starts_with": return typeof comparableValue === "string" && typeof comparableWhereValue === "string" && comparableValue.startsWith(comparableWhereValue);
 			}
 		};
 		if (!filter(w)) return false;
@@ -177,7 +183,7 @@ const generateQuery = (ctx, schema, args) => {
       `);
 	return orderedQuery.filterWith(async (doc) => {
 		if (!usableIndex) return filterByWhere(doc, args.where);
-		return filterByWhere(doc, args.where, (w) => w.operator && [
+		return filterByWhere(doc, args.where, (w) => w.mode === "insensitive" || w.operator && [
 			"contains",
 			"ends_with",
 			"ne",
@@ -195,7 +201,7 @@ const paginate = async (ctx, schema, betterAuthSchema, args) => {
 		"ne",
 		"not_in"
 	].includes(w.operator))) throw new Error(`id can only be used with eq, in, not_in, or ne operator: ${JSON.stringify(args.where)}`);
-	const uniqueWhere = args.where?.find((w) => (!w.operator || w.operator === "eq") && (isUniqueField(betterAuthSchema, args.model, w.field) || w.field === "_id"));
+	const uniqueWhere = args.where?.find((w) => w.mode !== "insensitive" && (!w.operator || w.operator === "eq") && (isUniqueField(betterAuthSchema, args.model, w.field) || w.field === "_id"));
 	if (uniqueWhere) {
 		const { index } = findIndex(schema, {
 			model: args.model,
@@ -813,13 +819,13 @@ const ORM_SCHEMA_OPTIONS = Symbol.for("kitcn:OrmSchemaOptions");
 const hasOrmSchemaMetadata = (schema) => !!schema && typeof schema === "object" && ORM_SCHEMA_OPTIONS in schema;
 const createAuthSchema = async ({ file, schema, tables }) => {
 	if (hasOrmSchemaMetadata(schema)) {
-		const { createSchemaOrm } = await import("../create-schema-orm-DOyiNDCx.js");
+		const { createSchemaOrm } = await import("../create-schema-orm-B3f2Kc8O.js");
 		return createSchemaOrm({
 			file,
 			tables
 		});
 	}
-	const { createSchema } = await import("../create-schema-odyF4kCy.js");
+	const { createSchema } = await import("../create-schema-BXrKE2YY.js");
 	return createSchema({
 		file,
 		tables

package/dist/auth/nextjs/index.d.ts

@@ -1,10 +1,11 @@
-import { U as LazyCaller, V as ConvexContext } from "../../procedure-name-D-fDCBlo.js";
-import { GetTokenOptions } from "@convex-dev/better-auth/utils";
+import { U as LazyCaller, V as ConvexContext } from "../../procedure-name-BCRBr6Po.js";
+import { t as GetTokenOptions } from "../../token-B9Bjcqug.js";
 
 //#region src/auth-nextjs/index.d.ts
 /** Auth options for server-side calls. */
 type AuthOptions = {
-  /** Enable/disable JWT caching. Default: true */jwtCache?: boolean; /** Custom function to detect UNAUTHORIZED errors. Default checks code property. */
+  /** Better Auth auth route base path. Defaults to `/api/auth`. */basePath?: string; /** Enable/disable JWT caching. Default: true */
+  jwtCache?: boolean; /** Custom function to detect UNAUTHORIZED errors. Default checks code property. */
   isUnauthorized?: (error: unknown) => boolean; /** Expiration tolerance in seconds. */
   expirationToleranceSeconds?: number;
 };

package/dist/auth/nextjs/index.js

@@ -1,19 +1,23 @@
-import { n as defaultIsUnauthorized } from "../../error-BZEnI7Sq.js";
-import { t as createCallerFactory } from "../../caller-factory-cTXNvYdz.js";
-import { getToken } from "@convex-dev/better-auth/utils";
+import { t as getToken } from "../../token-tpipF-7y.js";
+import { n as defaultIsUnauthorized } from "../../error-Bvo7YEhk.js";
+import { t as createCallerFactory } from "../../caller-factory-NEfgD5E0.js";
 
 //#region src/auth-nextjs/index.ts
 /** biome-ignore-all lint/suspicious/noExplicitAny: lib */
 /**
 * Next.js + Better Auth wrapper for Convex caller factory.
-* Uses @convex-dev/better-auth for token management.
 */
+const TRAILING_COLON_RE = /:$/;
 const handler = async (request, siteUrl) => {
 	const requestUrl = new URL(request.url);
 	const nextUrl = `${siteUrl}${requestUrl.pathname}${requestUrl.search}`;
 	const headers = new Headers(request.headers);
 	headers.set("accept-encoding", "application/json");
 	headers.set("host", new URL(siteUrl).host);
+	headers.set("x-forwarded-host", requestUrl.host);
+	headers.set("x-forwarded-proto", requestUrl.protocol.replace(TRAILING_COLON_RE, ""));
+	headers.set("x-better-auth-forwarded-host", requestUrl.host);
+	headers.set("x-better-auth-forwarded-proto", requestUrl.protocol.replace(TRAILING_COLON_RE, ""));
 	const body = request.method !== "GET" && request.method !== "HEAD" ? await request.arrayBuffer() : void 0;
 	return fetch(nextUrl, {
 		body,
@@ -60,6 +64,7 @@ function convexBetterAuth(opts) {
 				mutableHeaders.delete("transfer-encoding");
 				mutableHeaders.set("accept-encoding", "identity");
 				return getToken(siteUrl, mutableHeaders, {
+					basePath: auth.basePath,
 					...getTokenOpts,
 					jwtCache: {
 						enabled: true,

package/dist/auth/start/index.d.ts

@@ -1,7 +1,17 @@
-import { convexBetterAuthReactStart as convexBetterAuthReactStart$1 } from "@convex-dev/better-auth/react-start";
-export * from "@convex-dev/better-auth/react-start";
+import { t as GetTokenOptions } from "../../token-B9Bjcqug.js";
+import { FunctionReference, FunctionReturnType, OptionalRestArgs } from "convex/server";
 
 //#region src/auth-start/index.d.ts
-declare const convexBetterAuthReactStart: typeof convexBetterAuthReactStart$1;
+type ConvexBetterAuthReactStartOptions = Omit<GetTokenOptions, 'forceRefresh'> & {
+  convexSiteUrl: string;
+  convexUrl: string;
+};
+declare const convexBetterAuthReactStart: (opts: ConvexBetterAuthReactStartOptions) => {
+  getToken: () => Promise<string | undefined>;
+  handler: (request: Request) => Promise<Response>;
+  fetchAuthQuery: <Query extends FunctionReference<"query">>(query: Query, ...args: OptionalRestArgs<Query>) => Promise<FunctionReturnType<Query>>;
+  fetchAuthMutation: <Mutation extends FunctionReference<"mutation">>(mutation: Mutation, ...args: OptionalRestArgs<Mutation>) => Promise<FunctionReturnType<Mutation>>;
+  fetchAuthAction: <Action extends FunctionReference<"action">>(action: Action, ...args: OptionalRestArgs<Action>) => Promise<FunctionReturnType<Action>>;
+};
 //#endregion
 export { convexBetterAuthReactStart };