learn-auth-sdk 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,5 @@
1
+ #!/usr/bin/env node
2
+ import('../dist/cli/index.js').catch((err) => {
3
+ console.error('Failed to load CLI:', err.message);
4
+ process.exit(1);
5
+ });
@@ -0,0 +1,2 @@
1
+
2
+ export { }
@@ -0,0 +1,343 @@
1
+ // src/cli/index.ts
2
+ import { Command } from "commander";
3
+
4
+ // src/machine-id.ts
5
+ import { exec } from "child_process";
6
+ import { promisify } from "util";
7
+ import { createHash } from "crypto";
8
+ import * as os from "os";
9
+ var execAsync = promisify(exec);
10
+ async function getMachineId() {
11
+ const platform2 = process.platform;
12
+ try {
13
+ let rawId;
14
+ if (platform2 === "darwin") {
15
+ rawId = await getMacOSId();
16
+ } else if (platform2 === "linux") {
17
+ rawId = await getLinuxId();
18
+ } else if (platform2 === "win32") {
19
+ rawId = await getWindowsId();
20
+ } else {
21
+ throw new Error(`Unsupported platform: ${platform2}`);
22
+ }
23
+ const machineId = createHash("sha256").update(rawId).digest("hex").substring(0, 32);
24
+ const fingerprintData = JSON.stringify({
25
+ machineId,
26
+ cpus: os.cpus().length,
27
+ arch: os.arch(),
28
+ platform: os.platform(),
29
+ homedir: os.homedir()
30
+ });
31
+ const fingerprint = createHash("sha256").update(fingerprintData).digest("hex");
32
+ return { machineId, fingerprint };
33
+ } catch (error) {
34
+ throw new Error(`Failed to get machine ID: ${error.message}`);
35
+ }
36
+ }
37
+ async function getMacOSId() {
38
+ try {
39
+ const { stdout: serial } = await execAsync(
40
+ `ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | sed 's/"//g'`
41
+ );
42
+ const { stdout: hostname } = await execAsync("hostname");
43
+ const serialTrimmed = serial.trim();
44
+ const hostnameTrimmed = hostname.trim();
45
+ if (serialTrimmed && hostnameTrimmed) {
46
+ return `${serialTrimmed}-${hostnameTrimmed}`;
47
+ }
48
+ const { stdout: uuid } = await execAsync(
49
+ `ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk '{print $3}' | sed 's/"//g'`
50
+ );
51
+ return uuid.trim();
52
+ } catch (error) {
53
+ throw new Error("Failed to get macOS machine ID");
54
+ }
55
+ }
56
+ async function getLinuxId() {
57
+ try {
58
+ const { stdout } = await execAsync(
59
+ "cat /etc/machine-id 2>/dev/null || cat /var/lib/dbus/machine-id 2>/dev/null"
60
+ );
61
+ const machineId = stdout.trim();
62
+ if (machineId) {
63
+ return machineId;
64
+ }
65
+ throw new Error("Machine ID file not found");
66
+ } catch (error) {
67
+ throw new Error("Failed to get Linux machine ID");
68
+ }
69
+ }
70
+ async function getWindowsId() {
71
+ try {
72
+ const { stdout } = await execAsync("wmic csproduct get uuid");
73
+ const lines = stdout.split("\n").map((l) => l.trim());
74
+ const uuid = lines.find((l) => l && l !== "UUID");
75
+ if (uuid) {
76
+ return uuid;
77
+ }
78
+ throw new Error("Failed to parse machine UUID from WMIC");
79
+ } catch (error) {
80
+ throw new Error("Failed to get Windows machine ID");
81
+ }
82
+ }
83
+
84
+ // src/credentials.ts
85
+ import * as fs from "fs";
86
+ import * as path from "path";
87
+ import * as os2 from "os";
88
+ function getCredentialsPath() {
89
+ const homeDir = os2.homedir();
90
+ const learnDir = path.join(homeDir, ".learn");
91
+ return path.join(learnDir, "credentials.json");
92
+ }
93
+ function ensureLearnDir() {
94
+ const homeDir = os2.homedir();
95
+ const learnDir = path.join(homeDir, ".learn");
96
+ if (!fs.existsSync(learnDir)) {
97
+ fs.mkdirSync(learnDir, { recursive: true, mode: 448 });
98
+ }
99
+ }
100
+ function readAllCredentials() {
101
+ try {
102
+ const credPath = getCredentialsPath();
103
+ if (!fs.existsSync(credPath)) {
104
+ return null;
105
+ }
106
+ const data = fs.readFileSync(credPath, "utf-8");
107
+ const store = JSON.parse(data);
108
+ if (store.access_token && !store["learn-secrets-sdk"] && !store["learn-auth-sdk"]) {
109
+ return {
110
+ "learn-secrets-sdk": store
111
+ };
112
+ }
113
+ return store;
114
+ } catch (err) {
115
+ return null;
116
+ }
117
+ }
118
+ function writeAllCredentials(store) {
119
+ ensureLearnDir();
120
+ const credPath = getCredentialsPath();
121
+ const data = JSON.stringify(store, null, 2);
122
+ fs.writeFileSync(credPath, data, { mode: 384 });
123
+ }
124
+ function readSDKCredentials(sdkName) {
125
+ const store = readAllCredentials();
126
+ if (!store) {
127
+ return null;
128
+ }
129
+ return store[sdkName] || null;
130
+ }
131
+ function writeSDKCredentials(sdkName, creds) {
132
+ const store = readAllCredentials() || {};
133
+ store[sdkName] = creds;
134
+ writeAllCredentials(store);
135
+ }
136
+
137
+ // src/cli/commands/login.ts
138
+ import { exec as exec2 } from "child_process";
139
+ import { promisify as promisify2 } from "util";
140
+ var execAsync2 = promisify2(exec2);
141
+ var SDK_NAME = "learn-auth-sdk";
142
+ async function openBrowser(url) {
143
+ const platform2 = process.platform;
144
+ try {
145
+ if (platform2 === "darwin") {
146
+ await execAsync2(`open "${url}"`);
147
+ } else if (platform2 === "win32") {
148
+ await execAsync2(`start "${url}"`);
149
+ } else {
150
+ await execAsync2(`xdg-open "${url}"`);
151
+ }
152
+ } catch (err) {
153
+ console.error("Failed to open browser:", err);
154
+ }
155
+ }
156
+ function sleep(ms) {
157
+ return new Promise((resolve) => setTimeout(resolve, ms));
158
+ }
159
+ async function loginCommand(options = {}) {
160
+ const baseUrl = options.baseUrl || "https://ctklearn.carsontkempf.workers.dev";
161
+ try {
162
+ console.log(`Authenticating with Learn (${SDK_NAME})...
163
+ `);
164
+ const machineInfo = await getMachineId();
165
+ const existingCreds = readSDKCredentials(SDK_NAME);
166
+ if (existingCreds && existingCreds.access_token) {
167
+ const checkResponse = await fetch(`${baseUrl}/api/auth/cli/check-authorization`, {
168
+ method: "POST",
169
+ headers: {
170
+ "Content-Type": "application/json"
171
+ },
172
+ body: JSON.stringify({
173
+ machine_id: machineInfo.machineId,
174
+ sdk_name: SDK_NAME
175
+ })
176
+ });
177
+ if (checkResponse.ok) {
178
+ const checkData = await checkResponse.json();
179
+ if (checkData.authorized) {
180
+ console.log("This machine is already authorized.");
181
+ console.log(`Logged in as: ${checkData.user_email || checkData.user_id}`);
182
+ return;
183
+ }
184
+ }
185
+ }
186
+ const deviceResponse = await fetch(`${baseUrl}/api/auth/cli/device`, {
187
+ method: "POST",
188
+ headers: {
189
+ "Content-Type": "application/json"
190
+ }
191
+ });
192
+ if (!deviceResponse.ok) {
193
+ throw new Error("Failed to generate device code");
194
+ }
195
+ const deviceData = await deviceResponse.json();
196
+ console.log("\nTo authorize this device:");
197
+ console.log(`1. Visit: ${deviceData.verification_uri}`);
198
+ console.log(`2. Enter code: ${deviceData.user_code}`);
199
+ console.log(`3. Complete 2FA verification`);
200
+ console.log("\nOpening browser...\n");
201
+ await openBrowser(deviceData.verification_uri_complete);
202
+ let deviceAuthorized = false;
203
+ const interval = deviceData.interval * 1e3;
204
+ const maxAttempts = Math.ceil(deviceData.expires_in / deviceData.interval);
205
+ let attempts = 0;
206
+ while (attempts < maxAttempts) {
207
+ await sleep(interval);
208
+ attempts++;
209
+ const tokenResponse = await fetch(`${baseUrl}/api/auth/cli/token`, {
210
+ method: "POST",
211
+ headers: {
212
+ "Content-Type": "application/json"
213
+ },
214
+ body: JSON.stringify({
215
+ device_code: deviceData.device_code
216
+ })
217
+ });
218
+ if (tokenResponse.status === 202) {
219
+ process.stdout.write(".");
220
+ continue;
221
+ }
222
+ if (tokenResponse.ok) {
223
+ deviceAuthorized = true;
224
+ break;
225
+ }
226
+ }
227
+ if (!deviceAuthorized) {
228
+ throw new Error("Device authorization timeout");
229
+ }
230
+ console.log("\n\nDevice authorized! Sending 2FA code...");
231
+ const tfaResponse = await fetch(`${baseUrl}/api/auth/2fa/send`, {
232
+ method: "POST",
233
+ headers: {
234
+ "Content-Type": "application/json"
235
+ },
236
+ body: JSON.stringify({
237
+ device_code: deviceData.device_code,
238
+ sdk_name: SDK_NAME,
239
+ machine_id: machineInfo.machineId
240
+ })
241
+ });
242
+ if (!tfaResponse.ok) {
243
+ const errorData = await tfaResponse.json().catch(() => ({}));
244
+ throw new Error(errorData.message || "Failed to send 2FA code");
245
+ }
246
+ console.log("2FA code sent to your email.\n");
247
+ const readline = await import("readline");
248
+ const rl = readline.createInterface({
249
+ input: process.stdin,
250
+ output: process.stdout
251
+ });
252
+ const tfaCode = await new Promise((resolve) => {
253
+ rl.question("Enter 2FA code from email: ", (answer) => {
254
+ rl.close();
255
+ resolve(answer);
256
+ });
257
+ });
258
+ const verifyResponse = await fetch(`${baseUrl}/api/auth/2fa/verify`, {
259
+ method: "POST",
260
+ headers: {
261
+ "Content-Type": "application/json"
262
+ },
263
+ body: JSON.stringify({
264
+ device_code: deviceData.device_code,
265
+ code: tfaCode.trim()
266
+ })
267
+ });
268
+ if (!verifyResponse.ok) {
269
+ const errorData = await verifyResponse.json().catch(() => ({}));
270
+ throw new Error(errorData.message || "2FA verification failed");
271
+ }
272
+ const tokenData = await verifyResponse.json();
273
+ writeSDKCredentials(SDK_NAME, {
274
+ access_token: tokenData.access_token,
275
+ refresh_token: null,
276
+ expires_at: null,
277
+ user_id: tokenData.user_id,
278
+ machine_id: machineInfo.machineId,
279
+ sdk_name: SDK_NAME,
280
+ authorized_at: (/* @__PURE__ */ new Date()).toISOString()
281
+ });
282
+ console.log("\nAuthentication successful!");
283
+ console.log(`Logged in as: ${tokenData.user_email || tokenData.user_id}`);
284
+ console.log("This machine is now permanently authorized.\n");
285
+ } catch (error) {
286
+ console.error("\nLogin failed:", error.message);
287
+ process.exit(1);
288
+ }
289
+ }
290
+
291
+ // src/cli/commands/init.ts
292
+ import fs2 from "fs";
293
+ async function initCommand() {
294
+ const defaultConfig = { roles: [], protectedPages: [] };
295
+ fs2.writeFileSync("auth-config.json", JSON.stringify(defaultConfig, null, 2));
296
+ console.log("Initialized auth-config.json");
297
+ }
298
+
299
+ // src/cli/commands/config.ts
300
+ import fs3 from "fs";
301
+ async function configCommand(options) {
302
+ const configFile = "auth-config.json";
303
+ if (!fs3.existsSync(configFile)) {
304
+ console.error("Run learn-auth init first.");
305
+ return;
306
+ }
307
+ const config = JSON.parse(fs3.readFileSync(configFile, "utf8"));
308
+ if (options.roles) {
309
+ config.roles = options.roles.split(",").map((r) => r.trim());
310
+ console.log("Updated roles:", config.roles);
311
+ }
312
+ if (options.protect && options.allowedRoles) {
313
+ const roles = options.allowedRoles.split(",").map((r) => r.trim());
314
+ const existing = config.protectedPages.find((p) => p.pattern === options.protect);
315
+ if (existing) {
316
+ existing.allowedRoles = roles;
317
+ } else {
318
+ config.protectedPages.push({ pattern: options.protect, allowedRoles: roles });
319
+ }
320
+ console.log("Updated protected pages for:", options.protect);
321
+ }
322
+ fs3.writeFileSync(configFile, JSON.stringify(config, null, 2));
323
+ }
324
+
325
+ // src/cli/commands/deploy.ts
326
+ import fs4 from "fs";
327
+ async function deployCommand() {
328
+ if (!fs4.existsSync("auth-config.json")) {
329
+ console.error("Run learn-auth init first.");
330
+ return;
331
+ }
332
+ const config = JSON.parse(fs4.readFileSync("auth-config.json", "utf8"));
333
+ console.log("Deploying config to backend:", config);
334
+ }
335
+
336
+ // src/cli/index.ts
337
+ var program = new Command();
338
+ program.name("learn-auth").description("CLI tool for managing Auth settings").version("0.1.0");
339
+ program.command("login").description("Authenticate via browser").action(loginCommand);
340
+ program.command("init").description("Initialize auth config").action(initCommand);
341
+ program.command("config").description("Configure roles and protected pages").option("--roles <roles>", "Comma separated roles").option("--protect <page>", "Page URL to protect").option("--allowed-roles <roles>", "Roles allowed to view protected page").action(configCommand);
342
+ program.command("deploy").description("Deploy auth config live").action(deployCommand);
343
+ program.parse(process.argv);
package/dist/index.d.ts CHANGED
@@ -18,6 +18,20 @@ interface Session {
18
18
  expiresAt: Date;
19
19
  };
20
20
  }
21
+ interface CLICredentials {
22
+ access_token: string;
23
+ refresh_token: string | null;
24
+ expires_at: string | null;
25
+ user_id: string;
26
+ machine_id?: string;
27
+ sdk_name?: string;
28
+ authorized_at?: string;
29
+ }
30
+ interface SDKCredentialsStore {
31
+ 'learn-secrets-sdk'?: CLICredentials;
32
+ 'learn-auth-sdk'?: CLICredentials;
33
+ }
34
+ type SDKName = 'learn-secrets-sdk' | 'learn-auth-sdk';
21
35
 
22
36
  declare class AuthSDK {
23
37
  private client;
@@ -167,4 +181,43 @@ declare class AuthSDK {
167
181
  getRoles(): Promise<string[]>;
168
182
  }
169
183
 
170
- export { AuthSDK, type AuthSDKConfig, type Session, type User };
184
+ /**
185
+ * Machine ID Generation
186
+ * Cross-platform machine identification for CLI authentication
187
+ */
188
+ interface MachineInfo {
189
+ machineId: string;
190
+ fingerprint: string;
191
+ }
192
+ /**
193
+ * Get a unique machine identifier
194
+ * This ID persists across reboots and SDK reinstalls
195
+ */
196
+ declare function getMachineId(): Promise<MachineInfo>;
197
+
198
+ /**
199
+ * Read all credentials from file (SDK-keyed format)
200
+ */
201
+ declare function readAllCredentials(): SDKCredentialsStore | null;
202
+ /**
203
+ * Write all credentials to file (SDK-keyed format)
204
+ */
205
+ declare function writeAllCredentials(store: SDKCredentialsStore): void;
206
+ /**
207
+ * Read credentials for a specific SDK
208
+ */
209
+ declare function readSDKCredentials(sdkName: SDKName): CLICredentials | null;
210
+ /**
211
+ * Write credentials for a specific SDK
212
+ */
213
+ declare function writeSDKCredentials(sdkName: SDKName, creds: CLICredentials): void;
214
+ /**
215
+ * Delete credentials for a specific SDK
216
+ */
217
+ declare function deleteSDKCredentials(sdkName: SDKName): void;
218
+ /**
219
+ * Check if credentials exist for a specific SDK
220
+ */
221
+ declare function hasSDKCredentials(sdkName: SDKName): boolean;
222
+
223
+ export { AuthSDK, type AuthSDKConfig, type CLICredentials, type MachineInfo, type SDKCredentialsStore, type SDKName, type Session, type User, deleteSDKCredentials, getMachineId, hasSDKCredentials, readAllCredentials, readSDKCredentials, writeAllCredentials, writeSDKCredentials };
@@ -1,3 +1,4 @@
1
- "use strict";var AuthSDK=(()=>{var X=Object.defineProperty;var Ge=Object.getOwnPropertyDescriptor;var $e=Object.getOwnPropertyNames;var ze=Object.prototype.hasOwnProperty;var Je=(e,t)=>{for(var r in t)X(e,r,{get:t[r],enumerable:!0})},Qe=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of $e(t))!ze.call(e,o)&&o!==r&&X(e,o,{get:()=>t[o],enumerable:!(n=Ge(t,o))||n.enumerable});return e};var Xe=e=>Qe(X({},"__esModule",{value:!0}),e);var Qt={};Je(Qt,{AuthSDK:()=>fe});var pe="1.6.9";var he=pe;var K=Symbol.for("better-auth:broadcast-channel"),Ke=()=>Math.floor(Date.now()/1e3),Ze=class{listeners=new Set;name;constructor(e="better-auth.message"){this.name=e}subscribe(e){return this.listeners.add(e),()=>{this.listeners.delete(e)}}post(e){if(!(typeof window>"u"))try{localStorage.setItem(this.name,JSON.stringify({...e,timestamp:Ke()}))}catch{}}setup(){if(typeof window>"u"||typeof window.addEventListener>"u")return()=>{};let e=t=>{if(t.key!==this.name)return;let r=JSON.parse(t.newValue??"{}");r?.event!=="session"||!r?.data||this.listeners.forEach(n=>n(r))};return window.addEventListener("storage",e),()=>{window.removeEventListener("storage",e)}}};function q(e="better-auth.message"){return globalThis[K]||(globalThis[K]=new Ze(e)),globalThis[K]}var Z=Symbol.for("better-auth:focus-manager"),et=class{listeners=new Set;subscribe(e){return this.listeners.add(e),()=>{this.listeners.delete(e)}}setFocused(e){this.listeners.forEach(t=>t(e))}setup(){if(typeof window>"u"||typeof document>"u"||typeof window.addEventListener>"u")return()=>{};let e=()=>{document.visibilityState==="visible"&&this.setFocused(!0)};return document.addEventListener("visibilitychange",e,!1),()=>{document.removeEventListener("visibilitychange",e,!1)}}};function ee(){return globalThis[Z]||(globalThis[Z]=new et),globalThis[Z]}var te=Symbol.for("better-auth:online-manager"),tt=class{listeners=new Set;isOnline=typeof navigator<"u"?navigator.onLine:!0;subscribe(e){return this.listeners.add(e),()=>{this.listeners.delete(e)}}setOnline(e){this.isOnline=e,this.listeners.forEach(t=>t(e))}setup(){if(typeof window>"u"||typeof window.addEventListener>"u")return()=>{};let e=()=>this.setOnline(!0),t=()=>this.setOnline(!1);return window.addEventListener("online",e,!1),window.addEventListener("offline",t,!1),()=>{window.removeEventListener("online",e,!1),window.removeEventListener("offline",t,!1)}}};function W(){return globalThis[te]||(globalThis[te]=new tt),globalThis[te]}var rt={proto:/"(?:_|\\u0{2}5[Ff]){2}(?:p|\\u0{2}70)(?:r|\\u0{2}72)(?:o|\\u0{2}6[Ff])(?:t|\\u0{2}74)(?:o|\\u0{2}6[Ff])(?:_|\\u0{2}5[Ff]){2}"\s*:/,constructor:/"(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\u0075)(?:c|\\u0063)(?:t|\\u0074)(?:o|\\u006[Ff])(?:r|\\u0072)"\s*:/,protoShort:/"__proto__"\s*:/,constructorShort:/"constructor"\s*:/},nt=/^\s*["[{]|^\s*-?\d{1,16}(\.\d{1,17})?([Ee][+-]?\d+)?\s*$/,me={true:!0,false:!1,null:null,undefined:void 0,nan:NaN,infinity:Number.POSITIVE_INFINITY,"-infinity":Number.NEGATIVE_INFINITY},ot=/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,7}))?(?:Z|([+-])(\d{2}):(\d{2}))$/;function st(e){return e instanceof Date&&!isNaN(e.getTime())}function it(e){let t=ot.exec(e);if(!t)return null;let[,r,n,o,s,i,c,a,u,l,d]=t,p=new Date(Date.UTC(parseInt(r,10),parseInt(n,10)-1,parseInt(o,10),parseInt(s,10),parseInt(i,10),parseInt(c,10),a?parseInt(a.padEnd(3,"0"),10):0));if(u){let E=(parseInt(l,10)*60+parseInt(d,10))*(u==="+"?-1:1);p.setUTCMinutes(p.getUTCMinutes()+E)}return st(p)?p:null}function at(e,t={}){let{strict:r=!1,warnings:n=!1,reviver:o,parseDates:s=!0}=t;if(typeof e!="string")return e;let i=e.trim();if(i.length>0&&i[0]==='"'&&i.endsWith('"')&&!i.slice(1,-1).includes('"'))return i.slice(1,-1);let c=i.toLowerCase();if(c.length<=9&&c in me)return me[c];if(!nt.test(i)){if(r)throw new SyntaxError("[better-json] Invalid JSON");return e}if(Object.entries(rt).some(([a,u])=>{let l=u.test(i);return l&&n&&console.warn(`[better-json] Detected potential prototype pollution attempt using ${a} pattern`),l})&&r)throw new Error("[better-json] Potential prototype pollution attempt detected");try{return JSON.parse(i,(u,l)=>{if(u==="__proto__"||u==="constructor"&&l&&typeof l=="object"&&"prototype"in l){n&&console.warn(`[better-json] Dropping "${u}" key to prevent prototype pollution`);return}if(s&&typeof l=="string"){let d=it(l);if(d)return d}return o?o(u,l):l})}catch(a){if(r)throw a;return e}}function Ee(e,t={strict:!0}){return at(e,t)}var k=Symbol("clean");var v=[],I=0,V=4,lt=globalThis.nanostoresGlobal||={epoch:0},B=e=>{let t=[],r={get(){return r.lc||r.listen(()=>{})(),r.value},init:e,lc:0,listen(n){return r.lc=t.push(n),()=>{for(let s=I+V;s<v.length;)v[s]===n?v.splice(s,V):s+=V;let o=t.indexOf(n);~o&&(t.splice(o,1),--r.lc||r.off())}},notify(n,o){lt.epoch++;let s=!v.length;for(let i of t)v.push(i,r.value,n,o);if(s){for(I=0;I<v.length;I+=V)v[I](v[I+1],v[I+2],v[I+3]);v.length=0}},off(){},set(n){let o=r.value;o!==n&&(r.value=n,r.notify(o))},subscribe(n){let o=r.listen(n);return n(r.value),o},value:e};return process.env.NODE_ENV!=="production"&&(r[k]=()=>{t=[],r.lc=0,r.off()}),r};var ut=5,M=6,G=10,ct=(e,t,r,n)=>(e.events=e.events||{},e.events[r+G]||(e.events[r+G]=n(o=>{e.events[r].reduceRight((s,i)=>(i(s),s),{shared:{},...o})})),e.events[r]=e.events[r]||[],e.events[r].push(t),()=>{let o=e.events[r],s=o.indexOf(t);o.splice(s,1),o.length||(delete e.events[r],e.events[r+G](),delete e.events[r+G])});var _e=1e3,Y=(e,t)=>ct(e,n=>{let o=t(n);o&&e.events[M].push(o)},ut,n=>{let o=e.listen;e.listen=(...i)=>(!e.lc&&!e.active&&(e.active=!0,n()),o(...i));let s=e.off;if(e.events[M]=[],e.off=()=>{s(),setTimeout(()=>{if(e.active&&!e.lc){e.active=!1;for(let i of e.events[M])i();e.events[M]=[]}},_e)},process.env.NODE_ENV!=="production"){let i=e[k];e[k]=()=>{for(let c of e.events[M])c();e.events[M]=[],e.active=!1,i()}}return()=>{e.listen=o,e.off=s}});var ft=()=>typeof window>"u",Re=(e,t,r,n)=>{let o=B({data:null,error:null,isPending:!0,isRefetching:!1,refetch:c=>s(c)}),s=async c=>new Promise(a=>{let u=typeof n=="function"?n({data:o.get().data,error:o.get().error,isPending:o.get().isPending}):n;r(t,{...u,query:{...u?.query,...c?.query},async onSuccess(l){o.set({data:l.data,error:null,isPending:!1,isRefetching:!1,refetch:o.value.refetch}),await u?.onSuccess?.(l)},async onError(l){let{request:d}=l,p=typeof d.retry=="number"?d.retry:d.retry?.attempts,E=d.retryAttempt||0;if(p&&E<p)return;let y=l.error.status===401;o.set({error:l.error,data:y?null:o.get().data,isPending:!1,isRefetching:!1,refetch:o.value.refetch}),await u?.onError?.(l)},async onRequest(l){let d=o.get();o.set({isPending:d.data===null,data:d.data,error:null,isRefetching:!0,refetch:o.value.refetch}),await u?.onRequest?.(l)}}).catch(l=>{o.set({error:l,data:o.get().data,isPending:!1,isRefetching:!1,refetch:o.value.refetch})}).finally(()=>{a(void 0)})});e=Array.isArray(e)?e:[e];let i=!1;for(let c of e)c.subscribe(async()=>{ft()||(i?await s():Y(o,()=>{let a=setTimeout(async()=>{i||(i=!0,await s())},0);return()=>{o.off(),c.off(),clearTimeout(a)}}))});return o};var F=()=>Math.floor(Date.now()/1e3);function ye(e){return typeof e=="object"&&e!==null&&"data"in e&&"error"in e?e:{data:e,error:null}}var dt=5;function Oe(e){let{sessionAtom:t,sessionSignal:r,$fetch:n,options:o={}}=e,s=o.sessionOptions?.refetchInterval??0,i=o.sessionOptions?.refetchOnWindowFocus??!0,c=o.sessionOptions?.refetchWhenOffline??!1,a={lastSync:0,lastSessionRequest:0,cachedSession:void 0},u=()=>c||W().isOnline,l=_=>{if(!u())return;if(_?.event==="storage"){a.lastSync=F(),r.set(!r.get());return}let O=t.get(),m=()=>{a.lastSessionRequest=F(),n("/get-session").then(async f=>{let{data:h,error:D}=ye(f);if(h?.needsRefresh)try{let x=await n("/get-session",{method:"POST"});({data:h,error:D}=ye(x))}catch{}let J=h?.session&&h?.user?h:null;t.set({...O,data:J,error:D}),a.lastSync=F(),r.set(!r.get())}).catch(()=>{})};if(_?.event==="poll"){m();return}if(_?.event==="visibilitychange"){if(F()-a.lastSessionRequest<dt)return;a.lastSessionRequest=F()}if(_?.event==="visibilitychange"){m();return}(O?.data===null||O?.data===void 0)&&(a.lastSync=F(),r.set(!r.get()))},d=_=>{q().post({event:"session",data:{trigger:_},clientId:Math.random().toString(36).substring(7)})},p=()=>{s&&s>0&&(a.pollInterval=setInterval(()=>{t.get()?.data&&l({event:"poll"})},s*1e3))},E=()=>{a.unsubscribeBroadcast=q().subscribe(()=>{l({event:"storage"})})},y=()=>{i&&(a.unsubscribeFocus=ee().subscribe(()=>{l({event:"visibilitychange"})}))},N=()=>{a.unsubscribeOnline=W().subscribe(_=>{_&&l({event:"visibilitychange"})})};return{init:()=>{p(),E(),y(),N(),q().setup(),ee().setup(),W().setup()},cleanup:()=>{a.pollInterval&&(clearInterval(a.pollInterval),a.pollInterval=void 0),a.unsubscribeBroadcast&&(a.unsubscribeBroadcast(),a.unsubscribeBroadcast=void 0),a.unsubscribeFocus&&(a.unsubscribeFocus(),a.unsubscribeFocus=void 0),a.unsubscribeOnline&&(a.unsubscribeOnline(),a.unsubscribeOnline=void 0),a.lastSync=0,a.lastSessionRequest=0,a.cachedSession=void 0},triggerRefetch:l,broadcastSessionUpdate:d}}var $=Object.create(null),j=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?$:globalThis),L=new Proxy($,{get(e,t){return j()[t]??$[t]},has(e,t){return t in j()||t in $},set(e,t,r){let n=j(!0);return n[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=j(!0);return delete r[t],!0},ownKeys(){let e=j(!0);return Object.keys(e)}});var pt=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";function P(e,t){return typeof process<"u"&&process.env?process.env[e]??t:typeof Deno<"u"?Deno.env.get(e)??t:typeof Bun<"u"?Bun.env[e]??t:t}var ht=Object.freeze({get BETTER_AUTH_SECRET(){return P("BETTER_AUTH_SECRET")},get AUTH_SECRET(){return P("AUTH_SECRET")},get BETTER_AUTH_TELEMETRY(){return P("BETTER_AUTH_TELEMETRY")},get BETTER_AUTH_TELEMETRY_ID(){return P("BETTER_AUTH_TELEMETRY_ID")},get NODE_ENV(){return P("NODE_ENV","development")},get PACKAGE_VERSION(){return P("PACKAGE_VERSION","0.0.0")},get BETTER_AUTH_TELEMETRY_ENDPOINT(){return P("BETTER_AUTH_TELEMETRY_ENDPOINT","")}});function ge(e){return Object.fromEntries(Object.entries(e).map(([t,r])=>[t,{code:t,message:r,toString:()=>t}]))}function mt(){let e=Object.getOwnPropertyDescriptor(Error,"stackTraceLimit");return e===void 0?Object.isExtensible(Error):Object.prototype.hasOwnProperty.call(e,"writable")?e.writable:e.set!==void 0}function Et(e){let t=e.split(`
1
+ "use strict";var AuthSDK=(()=>{var ft=Object.create;var K=Object.defineProperty;var dt=Object.getOwnPropertyDescriptor;var pt=Object.getOwnPropertyNames;var mt=Object.getPrototypeOf,ht=Object.prototype.hasOwnProperty;var k=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var Et=(e,t)=>{for(var r in t)K(e,r,{get:t[r],enumerable:!0})},we=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of pt(t))!ht.call(e,o)&&o!==r&&K(e,o,{get:()=>t[o],enumerable:!(n=dt(t,o))||n.enumerable});return e};var J=(e,t,r)=>(r=e!=null?ft(mt(e)):{},we(t||!e||!e.__esModule?K(r,"default",{value:e,enumerable:!0}):r,e)),yt=e=>we(K({},"__esModule",{value:!0}),e);var Or={};Et(Or,{AuthSDK:()=>_e,deleteSDKCredentials:()=>at,getMachineId:()=>st,hasSDKCredentials:()=>lt,readAllCredentials:()=>$,readSDKCredentials:()=>Te,writeAllCredentials:()=>ne,writeSDKCredentials:()=>it});var Ae="1.6.9";var be=Ae;var ie=Symbol.for("better-auth:broadcast-channel"),gt=()=>Math.floor(Date.now()/1e3),_t=class{listeners=new Set;name;constructor(e="better-auth.message"){this.name=e}subscribe(e){return this.listeners.add(e),()=>{this.listeners.delete(e)}}post(e){if(!(typeof window>"u"))try{localStorage.setItem(this.name,JSON.stringify({...e,timestamp:gt()}))}catch{}}setup(){if(typeof window>"u"||typeof window.addEventListener>"u")return()=>{};let e=t=>{if(t.key!==this.name)return;let r=JSON.parse(t.newValue??"{}");r?.event!=="session"||!r?.data||this.listeners.forEach(n=>n(r))};return window.addEventListener("storage",e),()=>{window.removeEventListener("storage",e)}}};function z(e="better-auth.message"){return globalThis[ie]||(globalThis[ie]=new _t(e)),globalThis[ie]}var ae=Symbol.for("better-auth:focus-manager"),Rt=class{listeners=new Set;subscribe(e){return this.listeners.add(e),()=>{this.listeners.delete(e)}}setFocused(e){this.listeners.forEach(t=>t(e))}setup(){if(typeof window>"u"||typeof document>"u"||typeof window.addEventListener>"u")return()=>{};let e=()=>{document.visibilityState==="visible"&&this.setFocused(!0)};return document.addEventListener("visibilitychange",e,!1),()=>{document.removeEventListener("visibilitychange",e,!1)}}};function le(){return globalThis[ae]||(globalThis[ae]=new Rt),globalThis[ae]}var ce=Symbol.for("better-auth:online-manager"),Ot=class{listeners=new Set;isOnline=typeof navigator<"u"?navigator.onLine:!0;subscribe(e){return this.listeners.add(e),()=>{this.listeners.delete(e)}}setOnline(e){this.isOnline=e,this.listeners.forEach(t=>t(e))}setup(){if(typeof window>"u"||typeof window.addEventListener>"u")return()=>{};let e=()=>this.setOnline(!0),t=()=>this.setOnline(!1);return window.addEventListener("online",e,!1),window.addEventListener("offline",t,!1),()=>{window.removeEventListener("online",e,!1),window.removeEventListener("offline",t,!1)}}};function Q(){return globalThis[ce]||(globalThis[ce]=new Ot),globalThis[ce]}var St={proto:/"(?:_|\\u0{2}5[Ff]){2}(?:p|\\u0{2}70)(?:r|\\u0{2}72)(?:o|\\u0{2}6[Ff])(?:t|\\u0{2}74)(?:o|\\u0{2}6[Ff])(?:_|\\u0{2}5[Ff]){2}"\s*:/,constructor:/"(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\u0075)(?:c|\\u0063)(?:t|\\u0074)(?:o|\\u006[Ff])(?:r|\\u0072)"\s*:/,protoShort:/"__proto__"\s*:/,constructorShort:/"constructor"\s*:/},Tt=/^\s*["[{]|^\s*-?\d{1,16}(\.\d{1,17})?([Ee][+-]?\d+)?\s*$/,Ue={true:!0,false:!1,null:null,undefined:void 0,nan:NaN,infinity:Number.POSITIVE_INFINITY,"-infinity":Number.NEGATIVE_INFINITY},vt=/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,7}))?(?:Z|([+-])(\d{2}):(\d{2}))$/;function wt(e){return e instanceof Date&&!isNaN(e.getTime())}function At(e){let t=vt.exec(e);if(!t)return null;let[,r,n,o,s,i,u,a,c,l,d]=t,p=new Date(Date.UTC(parseInt(r,10),parseInt(n,10)-1,parseInt(o,10),parseInt(s,10),parseInt(i,10),parseInt(u,10),a?parseInt(a.padEnd(3,"0"),10):0));if(c){let E=(parseInt(l,10)*60+parseInt(d,10))*(c==="+"?-1:1);p.setUTCMinutes(p.getUTCMinutes()+E)}return wt(p)?p:null}function bt(e,t={}){let{strict:r=!1,warnings:n=!1,reviver:o,parseDates:s=!0}=t;if(typeof e!="string")return e;let i=e.trim();if(i.length>0&&i[0]==='"'&&i.endsWith('"')&&!i.slice(1,-1).includes('"'))return i.slice(1,-1);let u=i.toLowerCase();if(u.length<=9&&u in Ue)return Ue[u];if(!Tt.test(i)){if(r)throw new SyntaxError("[better-json] Invalid JSON");return e}if(Object.entries(St).some(([a,c])=>{let l=c.test(i);return l&&n&&console.warn(`[better-json] Detected potential prototype pollution attempt using ${a} pattern`),l})&&r)throw new Error("[better-json] Potential prototype pollution attempt detected");try{return JSON.parse(i,(c,l)=>{if(c==="__proto__"||c==="constructor"&&l&&typeof l=="object"&&"prototype"in l){n&&console.warn(`[better-json] Dropping "${c}" key to prevent prototype pollution`);return}if(s&&typeof l=="string"){let d=At(l);if(d)return d}return o?o(c,l):l})}catch(a){if(r)throw a;return e}}function Le(e,t={strict:!0}){return bt(e,t)}var Y=Symbol("clean");var w=[],C=0,X=4,Ut=globalThis.nanostoresGlobal||={epoch:0},H=e=>{let t=[],r={get(){return r.lc||r.listen(()=>{})(),r.value},init:e,lc:0,listen(n){return r.lc=t.push(n),()=>{for(let s=C+X;s<w.length;)w[s]===n?w.splice(s,X):s+=X;let o=t.indexOf(n);~o&&(t.splice(o,1),--r.lc||r.off())}},notify(n,o){Ut.epoch++;let s=!w.length;for(let i of t)w.push(i,r.value,n,o);if(s){for(C=0;C<w.length;C+=X)w[C](w[C+1],w[C+2],w[C+3]);w.length=0}},off(){},set(n){let o=r.value;o!==n&&(r.value=n,r.notify(o))},subscribe(n){let o=r.listen(n);return n(r.value),o},value:e};return process.env.NODE_ENV!=="production"&&(r[Y]=()=>{t=[],r.lc=0,r.off()}),r};var Lt=5,B=6,Z=10,It=(e,t,r,n)=>(e.events=e.events||{},e.events[r+Z]||(e.events[r+Z]=n(o=>{e.events[r].reduceRight((s,i)=>(i(s),s),{shared:{},...o})})),e.events[r]=e.events[r]||[],e.events[r].push(t),()=>{let o=e.events[r],s=o.indexOf(t);o.splice(s,1),o.length||(delete e.events[r],e.events[r+Z](),delete e.events[r+Z])});var Ie=1e3,W=(e,t)=>It(e,n=>{let o=t(n);o&&e.events[B].push(o)},Lt,n=>{let o=e.listen;e.listen=(...i)=>(!e.lc&&!e.active&&(e.active=!0,n()),o(...i));let s=e.off;if(e.events[B]=[],e.off=()=>{s(),setTimeout(()=>{if(e.active&&!e.lc){e.active=!1;for(let i of e.events[B])i();e.events[B]=[]}},Ie)},process.env.NODE_ENV!=="production"){let i=e[Y];e[Y]=()=>{for(let u of e.events[B])u();e.events[B]=[],e.active=!1,i()}}return()=>{e.listen=o,e.off=s}});var Nt=()=>typeof window>"u",Ne=(e,t,r,n)=>{let o=H({data:null,error:null,isPending:!0,isRefetching:!1,refetch:u=>s(u)}),s=async u=>new Promise(a=>{let c=typeof n=="function"?n({data:o.get().data,error:o.get().error,isPending:o.get().isPending}):n;r(t,{...c,query:{...c?.query,...u?.query},async onSuccess(l){o.set({data:l.data,error:null,isPending:!1,isRefetching:!1,refetch:o.value.refetch}),await c?.onSuccess?.(l)},async onError(l){let{request:d}=l,p=typeof d.retry=="number"?d.retry:d.retry?.attempts,E=d.retryAttempt||0;if(p&&E<p)return;let _=l.error.status===401;o.set({error:l.error,data:_?null:o.get().data,isPending:!1,isRefetching:!1,refetch:o.value.refetch}),await c?.onError?.(l)},async onRequest(l){let d=o.get();o.set({isPending:d.data===null,data:d.data,error:null,isRefetching:!0,refetch:o.value.refetch}),await c?.onRequest?.(l)}}).catch(l=>{o.set({error:l,data:o.get().data,isPending:!1,isRefetching:!1,refetch:o.value.refetch})}).finally(()=>{a(void 0)})});e=Array.isArray(e)?e:[e];let i=!1;for(let u of e)u.subscribe(async()=>{Nt()||(i?await s():W(o,()=>{let a=setTimeout(async()=>{i||(i=!0,await s())},0);return()=>{o.off(),u.off(),clearTimeout(a)}}))});return o};var j=()=>Math.floor(Date.now()/1e3);function Ce(e){return typeof e=="object"&&e!==null&&"data"in e&&"error"in e?e:{data:e,error:null}}var Ct=5;function Pe(e){let{sessionAtom:t,sessionSignal:r,$fetch:n,options:o={}}=e,s=o.sessionOptions?.refetchInterval??0,i=o.sessionOptions?.refetchOnWindowFocus??!0,u=o.sessionOptions?.refetchWhenOffline??!1,a={lastSync:0,lastSessionRequest:0,cachedSession:void 0},c=()=>u||Q().isOnline,l=y=>{if(!c())return;if(y?.event==="storage"){a.lastSync=j(),r.set(!r.get());return}let R=t.get(),h=()=>{a.lastSessionRequest=j(),n("/get-session").then(async f=>{let{data:m,error:M}=Ce(f);if(m?.needsRefresh)try{let F=await n("/get-session",{method:"POST"});({data:m,error:M}=Ce(F))}catch{}let oe=m?.session&&m?.user?m:null;t.set({...R,data:oe,error:M}),a.lastSync=j(),r.set(!r.get())}).catch(()=>{})};if(y?.event==="poll"){h();return}if(y?.event==="visibilitychange"){if(j()-a.lastSessionRequest<Ct)return;a.lastSessionRequest=j()}if(y?.event==="visibilitychange"){h();return}(R?.data===null||R?.data===void 0)&&(a.lastSync=j(),r.set(!r.get()))},d=y=>{z().post({event:"session",data:{trigger:y},clientId:Math.random().toString(36).substring(7)})},p=()=>{s&&s>0&&(a.pollInterval=setInterval(()=>{t.get()?.data&&l({event:"poll"})},s*1e3))},E=()=>{a.unsubscribeBroadcast=z().subscribe(()=>{l({event:"storage"})})},_=()=>{i&&(a.unsubscribeFocus=le().subscribe(()=>{l({event:"visibilitychange"})}))},N=()=>{a.unsubscribeOnline=Q().subscribe(y=>{y&&l({event:"visibilitychange"})})};return{init:()=>{p(),E(),_(),N(),z().setup(),le().setup(),Q().setup()},cleanup:()=>{a.pollInterval&&(clearInterval(a.pollInterval),a.pollInterval=void 0),a.unsubscribeBroadcast&&(a.unsubscribeBroadcast(),a.unsubscribeBroadcast=void 0),a.unsubscribeFocus&&(a.unsubscribeFocus(),a.unsubscribeFocus=void 0),a.unsubscribeOnline&&(a.unsubscribeOnline(),a.unsubscribeOnline=void 0),a.lastSync=0,a.lastSessionRequest=0,a.cachedSession=void 0},triggerRefetch:l,broadcastSessionUpdate:d}}var ee=Object.create(null),q=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?ee:globalThis),I=new Proxy(ee,{get(e,t){return q()[t]??ee[t]},has(e,t){return t in q()||t in ee},set(e,t,r){let n=q(!0);return n[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=q(!0);return delete r[t],!0},ownKeys(){let e=q(!0);return Object.keys(e)}});var Pt=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";function P(e,t){return typeof process<"u"&&process.env?process.env[e]??t:typeof Deno<"u"?Deno.env.get(e)??t:typeof Bun<"u"?Bun.env[e]??t:t}var Dt=Object.freeze({get BETTER_AUTH_SECRET(){return P("BETTER_AUTH_SECRET")},get AUTH_SECRET(){return P("AUTH_SECRET")},get BETTER_AUTH_TELEMETRY(){return P("BETTER_AUTH_TELEMETRY")},get BETTER_AUTH_TELEMETRY_ID(){return P("BETTER_AUTH_TELEMETRY_ID")},get NODE_ENV(){return P("NODE_ENV","development")},get PACKAGE_VERSION(){return P("PACKAGE_VERSION","0.0.0")},get BETTER_AUTH_TELEMETRY_ENDPOINT(){return P("BETTER_AUTH_TELEMETRY_ENDPOINT","")}});function De(e){return Object.fromEntries(Object.entries(e).map(([t,r])=>[t,{code:t,message:r,toString:()=>t}]))}function xt(){let e=Object.getOwnPropertyDescriptor(Error,"stackTraceLimit");return e===void 0?Object.isExtensible(Error):Object.prototype.hasOwnProperty.call(e,"writable")?e.writable:e.set!==void 0}function Mt(e){let t=e.split(`
2
2
  at `);return t.length<=1?e:(t.splice(1,1),t.join(`
3
- at `))}function _t(e,t){class r extends e{#e;constructor(...o){if(mt()){let i=Error.stackTraceLimit;Error.stackTraceLimit=0,super(...o),Error.stackTraceLimit=i}else super(...o);let s=new Error().stack;s&&(this.#e=Et(s.replace(/^Error/,this.name)))}get errorStack(){return this.#e}}return Object.defineProperty(r.prototype,"constructor",{get(){return t},enumerable:!1,configurable:!0}),r}var Rt={OK:200,CREATED:201,ACCEPTED:202,NO_CONTENT:204,MULTIPLE_CHOICES:300,MOVED_PERMANENTLY:301,FOUND:302,SEE_OTHER:303,NOT_MODIFIED:304,TEMPORARY_REDIRECT:307,BAD_REQUEST:400,UNAUTHORIZED:401,PAYMENT_REQUIRED:402,FORBIDDEN:403,NOT_FOUND:404,METHOD_NOT_ALLOWED:405,NOT_ACCEPTABLE:406,PROXY_AUTHENTICATION_REQUIRED:407,REQUEST_TIMEOUT:408,CONFLICT:409,GONE:410,LENGTH_REQUIRED:411,PRECONDITION_FAILED:412,PAYLOAD_TOO_LARGE:413,URI_TOO_LONG:414,UNSUPPORTED_MEDIA_TYPE:415,RANGE_NOT_SATISFIABLE:416,EXPECTATION_FAILED:417,"I'M_A_TEAPOT":418,MISDIRECTED_REQUEST:421,UNPROCESSABLE_ENTITY:422,LOCKED:423,FAILED_DEPENDENCY:424,TOO_EARLY:425,UPGRADE_REQUIRED:426,PRECONDITION_REQUIRED:428,TOO_MANY_REQUESTS:429,REQUEST_HEADER_FIELDS_TOO_LARGE:431,UNAVAILABLE_FOR_LEGAL_REASONS:451,INTERNAL_SERVER_ERROR:500,NOT_IMPLEMENTED:501,BAD_GATEWAY:502,SERVICE_UNAVAILABLE:503,GATEWAY_TIMEOUT:504,HTTP_VERSION_NOT_SUPPORTED:505,VARIANT_ALSO_NEGOTIATES:506,INSUFFICIENT_STORAGE:507,LOOP_DETECTED:508,NOT_EXTENDED:510,NETWORK_AUTHENTICATION_REQUIRED:511},yt=class extends Error{constructor(e="INTERNAL_SERVER_ERROR",t=void 0,r={},n=typeof e=="number"?e:Rt[e]){super(t?.message,t?.cause?{cause:t.cause}:void 0),this.status=e,this.body=t,this.headers=r,this.statusCode=n,this.name="APIError",this.status=e,this.headers=r,this.statusCode=n,this.body=t}};var Ot=_t(yt,Error);var C=class extends Error{constructor(e,t){super(e,t),this.name="BetterAuthError",this.message=e,this.stack=""}};function gt(e){try{return(new URL(e).pathname.replace(/\/+$/,"")||"/")!=="/"}catch{throw new C(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Tt(e){try{let t=new URL(e);if(t.protocol!=="http:"&&t.protocol!=="https:")throw new C(`Invalid base URL: ${e}. URL must include 'http://' or 'https://'`)}catch(t){throw t instanceof C?t:new C(`Invalid base URL: ${e}. Please provide a valid base URL.`,{cause:t})}}function H(e,t="/api/auth"){if(Tt(e),gt(e))return e;let r=e.replace(/\/+$/,"");return!t||t==="/"?r:(t=t.startsWith("/")?t:`/${t}`,`${r}${t}`)}function Te(e,t){return!e||e.trim()===""?!1:t==="proto"?e==="http"||e==="https":t==="host"?[/\.\./,/\0/,/[\s]/,/^[.]/,/[<>'"]/,/javascript:/i,/file:/i,/data:/i].some(r=>r.test(e))?!1:/^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(:[0-9]{1,5})?$/.test(e)||/^(\d{1,3}\.){3}\d{1,3}(:[0-9]{1,5})?$/.test(e)||/^\[[0-9a-fA-F:]+\](:[0-9]{1,5})?$/.test(e)||/^localhost(:[0-9]{1,5})?$/i.test(e):!1}function Se(e,t,r,n,o){if(e)return H(e,t);if(n!==!1){let c=L.BETTER_AUTH_URL||L.NEXT_PUBLIC_BETTER_AUTH_URL||L.PUBLIC_BETTER_AUTH_URL||L.NUXT_PUBLIC_BETTER_AUTH_URL||L.NUXT_PUBLIC_AUTH_URL||(L.BASE_URL!=="/"?L.BASE_URL:void 0);if(c)return H(c,t)}let s=r?.headers.get("x-forwarded-host"),i=r?.headers.get("x-forwarded-proto");if(s&&i&&o&&Te(i,"proto")&&Te(s,"host"))try{return H(`${i}://${s}`,t)}catch{}if(r){let c=St(r.url);if(!c)throw new C("Could not get origin from request. Please provide a valid base URL.");return H(c,t)}if(typeof window<"u"&&window.location)return H(window.location.origin,t)}function St(e){try{let t=new URL(e);return t.origin==="null"?null:t.origin}catch{return null}}var ve={id:"redirect",name:"Redirect",hooks:{onSuccess(e){if(e.data?.url&&e.data?.redirect&&typeof window<"u"&&window.location&&window.location)try{window.location.href=e.data.url}catch{}}}};function Ae(e,t){let r=B(!1),n=Re(r,"/get-session",e,{method:"GET"}),o=()=>{};return Y(n,()=>{let s=Oe({sessionAtom:n,sessionSignal:r,$fetch:e,options:t});return s.init(),o=s.broadcastSessionUpdate,()=>{s.cleanup()}}),{session:n,$sessionSignal:r,broadcastSessionUpdate:s=>o(s)}}function re(e){if(e===null||typeof e!="object")return!1;let t=Object.getPrototypeOf(e);return t!==null&&t!==Object.prototype&&Object.getPrototypeOf(t)!==null||Symbol.iterator in e?!1:Symbol.toStringTag in e?Object.prototype.toString.call(e)==="[object Module]":!0}function ne(e,t,r=".",n){if(!re(t))return ne(e,{},r,n);let o={...t};for(let s of Object.keys(e)){if(s==="__proto__"||s==="constructor")continue;let i=e[s];i!=null&&(n&&n(o,s,i,r)||(Array.isArray(i)&&Array.isArray(o[s])?o[s]=[...i,...o[s]]:re(i)&&re(o[s])?o[s]=ne(i,o[s],(r?`${r}.`:"")+s.toString(),n):o[s]=i))}return o}function oe(e){return(...t)=>t.reduce((r,n)=>ne(r,n,"",e),{})}var be=oe(),zr=oe((e,t,r)=>{if(e[t]!==void 0&&typeof r=="function")return e[t]=r(e[t]),!0}),Jr=oe((e,t,r)=>{if(Array.isArray(e[t])&&typeof r=="function")return e[t]=r(e[t]),!0});var vt=Object.defineProperty,At=Object.defineProperties,bt=Object.getOwnPropertyDescriptors,we=Object.getOwnPropertySymbols,wt=Object.prototype.hasOwnProperty,Ut=Object.prototype.propertyIsEnumerable,Ue=(e,t,r)=>t in e?vt(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,A=(e,t)=>{for(var r in t||(t={}))wt.call(t,r)&&Ue(e,r,t[r]);if(we)for(var r of we(t))Ut.call(t,r)&&Ue(e,r,t[r]);return e},b=(e,t)=>At(e,bt(t)),Lt=class extends Error{constructor(e,t,r){super(t||e.toString(),{cause:r}),this.status=e,this.statusText=t,this.error=r,Error.captureStackTrace(this,this.constructor)}},Nt=async(e,t)=>{var r,n,o,s,i,c;let a=t||{},u={onRequest:[t?.onRequest],onResponse:[t?.onResponse],onSuccess:[t?.onSuccess],onError:[t?.onError],onRetry:[t?.onRetry]};if(!t||!t?.plugins)return{url:e,options:a,hooks:u};for(let l of t?.plugins||[]){if(l.init){let d=await((r=l.init)==null?void 0:r.call(l,e.toString(),t));a=d.options||a,e=d.url}u.onRequest.push((n=l.hooks)==null?void 0:n.onRequest),u.onResponse.push((o=l.hooks)==null?void 0:o.onResponse),u.onSuccess.push((s=l.hooks)==null?void 0:s.onSuccess),u.onError.push((i=l.hooks)==null?void 0:i.onError),u.onRetry.push((c=l.hooks)==null?void 0:c.onRetry)}return{url:e,options:a,hooks:u}},Le=class{constructor(e){this.options=e}shouldAttemptRetry(e,t){return this.options.shouldRetry?Promise.resolve(e<this.options.attempts&&this.options.shouldRetry(t)):Promise.resolve(e<this.options.attempts)}getDelay(){return this.options.delay}},It=class{constructor(e){this.options=e}shouldAttemptRetry(e,t){return this.options.shouldRetry?Promise.resolve(e<this.options.attempts&&this.options.shouldRetry(t)):Promise.resolve(e<this.options.attempts)}getDelay(e){return Math.min(this.options.maxDelay,this.options.baseDelay*2**e)}};function Pt(e){if(typeof e=="number")return new Le({type:"linear",attempts:e,delay:1e3});switch(e.type){case"linear":return new Le(e);case"exponential":return new It(e);default:throw new Error("Invalid retry strategy")}}var Ct=async e=>{let t={},r=async n=>typeof n=="function"?await n():n;if(e?.auth){if(e.auth.type==="Bearer"){let n=await r(e.auth.token);if(!n)return t;t.authorization=`Bearer ${n}`}else if(e.auth.type==="Basic"){let[n,o]=await Promise.all([r(e.auth.username),r(e.auth.password)]);if(!n||!o)return t;t.authorization=`Basic ${btoa(`${n}:${o}`)}`}else if(e.auth.type==="Custom"){let[n,o]=await Promise.all([r(e.auth.prefix),r(e.auth.value)]);if(!o)return t;t.authorization=`${n??""} ${o}`}}return t},Dt=/^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;function xt(e){let t=e.headers.get("content-type"),r=new Set(["image/svg","application/xml","application/xhtml","application/html"]);if(!t)return"json";let n=t.split(";").shift()||"";return Dt.test(n)?"json":r.has(n)||n.startsWith("text/")?"text":"blob"}function Mt(e){try{return JSON.parse(e),!0}catch{return!1}}function se(e){if(e===void 0)return!1;let t=typeof e;return t==="string"||t==="number"||t==="boolean"||t===null?!0:t!=="object"?!1:Array.isArray(e)?!0:e.buffer?!1:e.constructor&&e.constructor.name==="Object"||typeof e.toJSON=="function"}function Ne(e){try{return JSON.parse(e)}catch{return e}}function Ie(e){return typeof e=="function"}function Ft(e){if(e?.customFetchImpl)return e.customFetchImpl;if(typeof globalThis<"u"&&Ie(globalThis.fetch))return globalThis.fetch;if(typeof window<"u"&&Ie(window.fetch))return window.fetch;throw new Error("No fetch implementation found")}async function kt(e){let t=new Headers(e?.headers),r=await Ct(e);for(let[n,o]of Object.entries(r||{}))t.set(n,o);if(!t.has("content-type")){let n=Bt(e?.body);n&&t.set("content-type",n)}return t}function Bt(e){return se(e)?"application/json":null}function Yt(e){if(!e?.body)return null;let t=new Headers(e?.headers);if(se(e.body)&&!t.has("content-type")){for(let[r,n]of Object.entries(e?.body))n instanceof Date&&(e.body[r]=n.toISOString());return JSON.stringify(e.body)}return t.has("content-type")&&t.get("content-type")==="application/x-www-form-urlencoded"&&se(e.body)?new URLSearchParams(e.body).toString():e.body}function jt(e,t){var r;if(t?.method)return t.method.toUpperCase();if(e.startsWith("@")){let n=(r=e.split("@")[1])==null?void 0:r.split("/")[0];return Ce.includes(n)?n.toUpperCase():t?.body?"POST":"GET"}return t?.body?"POST":"GET"}function Ht(e,t){let r;return!e?.signal&&e?.timeout&&(r=setTimeout(()=>t?.abort(),e?.timeout)),{abortTimeout:r,clearTimeout:()=>{r&&clearTimeout(r)}}}var qt=class Pe extends Error{constructor(t,r){super(r||JSON.stringify(t,null,2)),this.issues=t,Object.setPrototypeOf(this,Pe.prototype)}};async function z(e,t){let r=await e["~standard"].validate(t);if(r.issues)throw new qt(r.issues);return r.value}var Ce=["get","post","put","patch","delete"];var Wt=e=>({id:"apply-schema",name:"Apply Schema",version:"1.0.0",async init(t,r){var n,o,s,i;let c=((o=(n=e.plugins)==null?void 0:n.find(a=>{var u;return(u=a.schema)!=null&&u.config?t.startsWith(a.schema.config.baseURL||"")||t.startsWith(a.schema.config.prefix||""):!1}))==null?void 0:o.schema)||e.schema;if(c){let a=t;(s=c.config)!=null&&s.prefix&&a.startsWith(c.config.prefix)&&(a=a.replace(c.config.prefix,""),c.config.baseURL&&(t=t.replace(c.config.prefix,c.config.baseURL))),(i=c.config)!=null&&i.baseURL&&a.startsWith(c.config.baseURL)&&(a=a.replace(c.config.baseURL,""));let u=c.schema[a];if(u){let l=b(A({},r),{method:u.method,output:u.output});return r?.disableValidation||(l=b(A({},l),{body:u.input?await z(u.input,r?.body):r?.body,params:u.params?await z(u.params,r?.params):r?.params,query:u.query?await z(u.query,r?.query):r?.query})),{url:t,options:l}}}return{url:t,options:r}}}),De=e=>{async function t(r,n){let o=b(A(A({},e),n),{plugins:[...e?.plugins||[],Wt(e||{}),...n?.plugins||[]]});if(e?.catchAllError)try{return await ie(r,o)}catch(s){return{data:null,error:{status:500,statusText:"Fetch Error",message:"Fetch related error. Captured by catchAllError option. See error property for more details.",error:s}}}return await ie(r,o)}return t};function Vt(e,t){let{baseURL:r,params:n,query:o}=t||{query:{},params:{},baseURL:""},s=e.startsWith("http")?e.split("/").slice(0,3).join("/"):r||"";if(e.startsWith("@")){let d=e.toString().split("@")[1].split("/")[0];Ce.includes(d)&&(e=e.replace(`@${d}/`,"/"))}s.endsWith("/")||(s+="/");let[i,c]=e.replace(s,"").split("?"),a=new URLSearchParams(c);for(let[d,p]of Object.entries(o||{})){if(p==null)continue;let E;if(typeof p=="string")E=p;else if(Array.isArray(p)){for(let y of p)a.append(d,y);continue}else E=JSON.stringify(p);a.set(d,E)}if(n)if(Array.isArray(n)){let d=i.split("/").filter(p=>p.startsWith(":"));for(let[p,E]of d.entries()){let y=n[p];i=i.replace(E,y)}}else for(let[d,p]of Object.entries(n))i=i.replace(`:${d}`,String(p));i=i.split("/").map(encodeURIComponent).join("/"),i.startsWith("/")&&(i=i.slice(1));let u=a.toString();return u=u.length>0?`?${u}`.replace(/\+/g,"%20"):"",s.startsWith("http")?new URL(`${i}${u}`,s):`${s}${i}${u}`}var ie=async(e,t)=>{var r,n,o,s,i,c,a,u;let{hooks:l,url:d,options:p}=await Nt(e,t),E=Ft(p),y=new AbortController,N=(r=p.signal)!=null?r:y.signal,g=Vt(d,p),T=Yt(p),_=await kt(p),O=jt(d,p),m=b(A({},p),{url:g,headers:_,body:T,method:O,signal:N});for(let S of l.onRequest)if(S){let R=await S(m);typeof R=="object"&&R!==null&&(m=R)}("pipeTo"in m&&typeof m.pipeTo=="function"||typeof((n=t?.body)==null?void 0:n.pipe)=="function")&&("duplex"in m||(m.duplex="half"));let{clearTimeout:f}=Ht(p,y),h=await E(m.url,m);f();let D={response:h,request:m};for(let S of l.onResponse)if(S){let R=await S(b(A({},D),{response:(o=t?.hookOptions)!=null&&o.cloneResponse?h.clone():h}));R instanceof Response?h=R:typeof R=="object"&&R!==null&&(h=R.response)}if(h.ok){if(!(m.method!=="HEAD"))return{data:"",error:null};let R=xt(h),w={data:null,response:h,request:m};if(R==="json"||R==="text"){let U=await h.text(),Ve=(s=m.jsonParser)!=null?s:Ne;w.data=await Ve(U)}else w.data=await h[R]();m?.output&&m.output&&!m.disableValidation&&(w.data=await z(m.output,w.data));for(let U of l.onSuccess)U&&await U(b(A({},w),{response:(i=t?.hookOptions)!=null&&i.cloneResponse?h.clone():h}));return t?.throw?w.data:{data:w.data,error:null}}let J=(c=t?.jsonParser)!=null?c:Ne,x=await h.text(),de=Mt(x),Q=de?await J(x):null,We={response:h,responseText:x,request:m,error:b(A({},Q),{status:h.status,statusText:h.statusText})};for(let S of l.onError)S&&await S(b(A({},We),{response:(a=t?.hookOptions)!=null&&a.cloneResponse?h.clone():h}));if(t?.retry){let S=Pt(t.retry),R=(u=t.retryAttempt)!=null?u:0;if(await S.shouldAttemptRetry(R,h)){for(let U of l.onRetry)U&&await U(D);let w=S.getDelay(R);return await new Promise(U=>setTimeout(U,w)),await ie(e,b(A({},t),{retryAttempt:R+1}))}}if(t?.throw)throw new Lt(h.status,h.statusText,de?Q:x);return{data:null,error:b(A({},Q),{status:h.status,statusText:h.statusText})}};var Gt=e=>{if(typeof process>"u")return;let t=e??"/api/auth";if(process.env.NEXT_PUBLIC_AUTH_URL)return process.env.NEXT_PUBLIC_AUTH_URL;if(typeof window>"u"){if(process.env.NEXTAUTH_URL)try{return process.env.NEXTAUTH_URL}catch{}if(process.env.VERCEL_URL)try{let r=process.env.VERCEL_URL.startsWith("http")?"":"https://";return`${new URL(`${r}${process.env.VERCEL_URL}`).origin}${t}`}catch{}}},xe=(e,t)=>{let r="credentials"in Request.prototype,n=Se(e?.baseURL,e?.basePath,void 0,t)??Gt(e?.basePath)??"/api/auth",o=e?.plugins?.flatMap(f=>f.fetchPlugins).filter(f=>f!==void 0)||[],s={id:"lifecycle-hooks",name:"lifecycle-hooks",hooks:{onSuccess:e?.fetchOptions?.onSuccess,onError:e?.fetchOptions?.onError,onRequest:e?.fetchOptions?.onRequest,onResponse:e?.fetchOptions?.onResponse}},{onSuccess:i,onError:c,onRequest:a,onResponse:u,...l}=e?.fetchOptions||{},d=De({baseURL:n,...r?{credentials:"include"}:{},method:"GET",jsonParser(f){return f?Ee(f,{strict:!1}):null},customFetchImpl:fetch,...l,plugins:[s,...l.plugins||[],...e?.disableDefaultFetchPlugins?[]:[ve],...o]}),{$sessionSignal:p,session:E,broadcastSessionUpdate:y}=Ae(d,e),N=e?.plugins||[],g={},T={$sessionSignal:p,session:E},_={"/sign-out":"POST","/revoke-sessions":"POST","/revoke-other-sessions":"POST","/delete-user":"POST"},O=[{signal:"$sessionSignal",matcher(f){return f==="/sign-out"||f==="/update-user"||f==="/update-session"||f==="/sign-up/email"||f==="/sign-in/email"||f==="/delete-user"||f==="/verify-email"||f==="/revoke-sessions"||f==="/revoke-session"||f==="/revoke-other-sessions"||f==="/change-email"||f==="/change-password"},callback(f){f==="/sign-out"?y("signout"):(f==="/update-user"||f==="/update-session")&&y("updateUser")}}];for(let f of N)f.getAtoms&&Object.assign(T,f.getAtoms?.(d)),f.pathMethods&&Object.assign(_,f.pathMethods),f.atomListeners&&O.push(...f.atomListeners);let m={notify:f=>{T[f].set(!T[f].get())},listen:(f,h)=>{T[f].subscribe(h)},atoms:T};for(let f of N)f.getActions&&(g=be(f.getActions?.(d,m,e)??{},g));return{get baseURL(){return n},pluginsActions:g,pluginsAtoms:T,pluginPathMethods:_,atomListeners:O,$fetch:d,$store:m}};function Me(e){return typeof e=="object"&&e!==null&&"get"in e&&typeof e.get=="function"&&"lc"in e&&typeof e.lc=="number"}function $t(e,t,r){let n=t[e],{fetchOptions:o,query:s,...i}=r||{};return n||(o?.method?o.method:i&&Object.keys(i).length>0?"POST":"GET")}function Fe(e,t,r,n,o){function s(i=[]){return new Proxy(function(){},{get(c,a){if(typeof a!="string"||a==="then"||a==="catch"||a==="finally")return;let u=[...i,a],l=e;for(let d of u)if(l&&typeof l=="object"&&d in l)l=l[d];else{l=void 0;break}return typeof l=="function"||Me(l)?l:s(u)},apply:async(c,a,u)=>{let l="/"+i.map(_=>_.replace(/[A-Z]/g,O=>`-${O.toLowerCase()}`)).join("/"),d=u[0]||{},p=u[1]||{},{query:E,fetchOptions:y,...N}=d,g={...p,...y},T=$t(l,r,d);return await t(l,{...g,body:T==="GET"?void 0:{...N,...g?.body||{}},query:E||g?.query,method:T,async onSuccess(_){if(await g?.onSuccess?.(_),!o||g.disableSignal)return;let O=o.filter(f=>f.matcher(l));if(!O.length)return;let m=new Set;for(let f of O){let h=n[f.signal];if(!h)return;if(m.has(f.signal))continue;m.add(f.signal);let D=h.get();setTimeout(()=>{h.set(!D)},10),f.callback?.(l)}}})}})}return s()}function ke(e){return e.charAt(0).toUpperCase()+e.slice(1)}function ae(e){let{pluginPathMethods:t,pluginsActions:r,pluginsAtoms:n,$fetch:o,atomListeners:s,$store:i}=xe(e),c={};for(let[a,u]of Object.entries(n))c[`use${ke(a)}`]=u;return Fe({...r,...c,$fetch:o,$store:i},o,t,n,s)}var Be=ge({FAILED_TO_CREATE_USER:"Failed to create user",USER_ALREADY_EXISTS:"User already exists.",USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL:"User already exists. Use another email.",YOU_CANNOT_BAN_YOURSELF:"You cannot ban yourself",YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE:"You are not allowed to change users role",YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS:"You are not allowed to create users",YOU_ARE_NOT_ALLOWED_TO_LIST_USERS:"You are not allowed to list users",YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS:"You are not allowed to list users sessions",YOU_ARE_NOT_ALLOWED_TO_BAN_USERS:"You are not allowed to ban users",YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS:"You are not allowed to impersonate users",YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS:"You are not allowed to revoke users sessions",YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS:"You are not allowed to delete users",YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD:"You are not allowed to set users password",BANNED_USER:"You have been banned from this application",YOU_ARE_NOT_ALLOWED_TO_GET_USER:"You are not allowed to get user",NO_DATA_TO_UPDATE:"No data to update",YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS:"You are not allowed to update users",YOU_CANNOT_REMOVE_YOURSELF:"You cannot remove yourself",YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE:"You are not allowed to set a non-existent role value",YOU_CANNOT_IMPERSONATE_ADMINS:"You cannot impersonate admins",INVALID_ROLE_TYPE:"Invalid role type"});function zt(e){return{authorize(t,r="AND"){let n=!1;for(let[o,s]of Object.entries(t)){let i=e[o];if(!i)return{success:!1,error:`You are not allowed to access resource: ${o}`};if(Array.isArray(s))n=s.every(c=>i.includes(c));else if(typeof s=="object"){let c=s;c.connector==="OR"?n=c.actions.some(a=>i.includes(a)):n=c.actions.every(a=>i.includes(a))}else throw new C("Invalid access control request");if(n&&r==="OR")return{success:n};if(!n&&r==="AND")return{success:!1,error:`unauthorized to access resource "${o}"`}}return n?{success:n}:{success:!1,error:"Not authorized"}},statements:e}}function Ye(e){return{newRole(t){return zt(t)},statements:e}}var Jt={user:["create","list","set-role","ban","impersonate","impersonate-admins","delete","set-password","get","update"],session:["list","revoke","delete"]},je=Ye(Jt),le=je.newRole({user:["create","list","set-role","ban","impersonate","delete","set-password","get","update"],session:["list","revoke","delete"]}),ue=je.newRole({user:[],session:[]}),He={admin:le,user:ue};var qe=e=>{if(e.userId&&e.options?.adminUserIds?.includes(e.userId))return!0;if(!e.permissions)return!1;let t=(e.role||e.options?.defaultRole||"user").split(","),r=e.options?.roles||He;for(let n of t)if(r[n]?.authorize(e.permissions)?.success)return!0;return!1};var ce=e=>{let t={admin:le,user:ue,...e?.roles};return{id:"admin-client",version:he,$InferServerPlugin:{},getActions:()=>({admin:{checkRolePermission:r=>qe({role:r.role,options:{ac:e?.ac,roles:t},permissions:r.permissions})}}),pathMethods:{"/admin/list-users":"GET","/admin/stop-impersonating":"POST"},$ERROR_CODES:Be}};var fe=class{client;constructor(t){this.client=ae({baseURL:t.tenantUrl,plugins:[ce()]})}async signIn(t,r){return await this.client.signIn.email({email:t,password:r})}async signUp(t,r,n){return await this.client.signUp.email({email:t,password:r,name:n})}async signOut(){return await this.client.signOut()}async getSession(){return await this.client.getSession()}async hasRole(t){let r=await this.getSession();if(!r?.data?.user)return!1;let n=r.data.user;return!!(n.role===t||n.roles?.includes(t))}async getRoles(){let t=await this.getSession();if(!t?.data?.user)return[];let r=t.data.user,n=[];return r.role&&n.push(r.role),r.roles&&n.push(...r.roles),[...new Set(n)]}};return Xe(Qt);})();
3
+ at `))}function kt(e,t){class r extends e{#e;constructor(...o){if(xt()){let i=Error.stackTraceLimit;Error.stackTraceLimit=0,super(...o),Error.stackTraceLimit=i}else super(...o);let s=new Error().stack;s&&(this.#e=Mt(s.replace(/^Error/,this.name)))}get errorStack(){return this.#e}}return Object.defineProperty(r.prototype,"constructor",{get(){return t},enumerable:!1,configurable:!0}),r}var Ft={OK:200,CREATED:201,ACCEPTED:202,NO_CONTENT:204,MULTIPLE_CHOICES:300,MOVED_PERMANENTLY:301,FOUND:302,SEE_OTHER:303,NOT_MODIFIED:304,TEMPORARY_REDIRECT:307,BAD_REQUEST:400,UNAUTHORIZED:401,PAYMENT_REQUIRED:402,FORBIDDEN:403,NOT_FOUND:404,METHOD_NOT_ALLOWED:405,NOT_ACCEPTABLE:406,PROXY_AUTHENTICATION_REQUIRED:407,REQUEST_TIMEOUT:408,CONFLICT:409,GONE:410,LENGTH_REQUIRED:411,PRECONDITION_FAILED:412,PAYLOAD_TOO_LARGE:413,URI_TOO_LONG:414,UNSUPPORTED_MEDIA_TYPE:415,RANGE_NOT_SATISFIABLE:416,EXPECTATION_FAILED:417,"I'M_A_TEAPOT":418,MISDIRECTED_REQUEST:421,UNPROCESSABLE_ENTITY:422,LOCKED:423,FAILED_DEPENDENCY:424,TOO_EARLY:425,UPGRADE_REQUIRED:426,PRECONDITION_REQUIRED:428,TOO_MANY_REQUESTS:429,REQUEST_HEADER_FIELDS_TOO_LARGE:431,UNAVAILABLE_FOR_LEGAL_REASONS:451,INTERNAL_SERVER_ERROR:500,NOT_IMPLEMENTED:501,BAD_GATEWAY:502,SERVICE_UNAVAILABLE:503,GATEWAY_TIMEOUT:504,HTTP_VERSION_NOT_SUPPORTED:505,VARIANT_ALSO_NEGOTIATES:506,INSUFFICIENT_STORAGE:507,LOOP_DETECTED:508,NOT_EXTENDED:510,NETWORK_AUTHENTICATION_REQUIRED:511},Bt=class extends Error{constructor(e="INTERNAL_SERVER_ERROR",t=void 0,r={},n=typeof e=="number"?e:Ft[e]){super(t?.message,t?.cause?{cause:t.cause}:void 0),this.status=e,this.body=t,this.headers=r,this.statusCode=n,this.name="APIError",this.status=e,this.headers=r,this.statusCode=n,this.body=t}};var jt=kt(Bt,Error);var D=class extends Error{constructor(e,t){super(e,t),this.name="BetterAuthError",this.message=e,this.stack=""}};function Yt(e){try{return(new URL(e).pathname.replace(/\/+$/,"")||"/")!=="/"}catch{throw new D(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Ht(e){try{let t=new URL(e);if(t.protocol!=="http:"&&t.protocol!=="https:")throw new D(`Invalid base URL: ${e}. URL must include 'http://' or 'https://'`)}catch(t){throw t instanceof D?t:new D(`Invalid base URL: ${e}. Please provide a valid base URL.`,{cause:t})}}function V(e,t="/api/auth"){if(Ht(e),Yt(e))return e;let r=e.replace(/\/+$/,"");return!t||t==="/"?r:(t=t.startsWith("/")?t:`/${t}`,`${r}${t}`)}function xe(e,t){return!e||e.trim()===""?!1:t==="proto"?e==="http"||e==="https":t==="host"?[/\.\./,/\0/,/[\s]/,/^[.]/,/[<>'"]/,/javascript:/i,/file:/i,/data:/i].some(r=>r.test(e))?!1:/^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(:[0-9]{1,5})?$/.test(e)||/^(\d{1,3}\.){3}\d{1,3}(:[0-9]{1,5})?$/.test(e)||/^\[[0-9a-fA-F:]+\](:[0-9]{1,5})?$/.test(e)||/^localhost(:[0-9]{1,5})?$/i.test(e):!1}function Me(e,t,r,n,o){if(e)return V(e,t);if(n!==!1){let u=I.BETTER_AUTH_URL||I.NEXT_PUBLIC_BETTER_AUTH_URL||I.PUBLIC_BETTER_AUTH_URL||I.NUXT_PUBLIC_BETTER_AUTH_URL||I.NUXT_PUBLIC_AUTH_URL||(I.BASE_URL!=="/"?I.BASE_URL:void 0);if(u)return V(u,t)}let s=r?.headers.get("x-forwarded-host"),i=r?.headers.get("x-forwarded-proto");if(s&&i&&o&&xe(i,"proto")&&xe(s,"host"))try{return V(`${i}://${s}`,t)}catch{}if(r){let u=Wt(r.url);if(!u)throw new D("Could not get origin from request. Please provide a valid base URL.");return V(u,t)}if(typeof window<"u"&&window.location)return V(window.location.origin,t)}function Wt(e){try{let t=new URL(e);return t.origin==="null"?null:t.origin}catch{return null}}var ke={id:"redirect",name:"Redirect",hooks:{onSuccess(e){if(e.data?.url&&e.data?.redirect&&typeof window<"u"&&window.location&&window.location)try{window.location.href=e.data.url}catch{}}}};function Fe(e,t){let r=H(!1),n=Ne(r,"/get-session",e,{method:"GET"}),o=()=>{};return W(n,()=>{let s=Pe({sessionAtom:n,sessionSignal:r,$fetch:e,options:t});return s.init(),o=s.broadcastSessionUpdate,()=>{s.cleanup()}}),{session:n,$sessionSignal:r,broadcastSessionUpdate:s=>o(s)}}function ue(e){if(e===null||typeof e!="object")return!1;let t=Object.getPrototypeOf(e);return t!==null&&t!==Object.prototype&&Object.getPrototypeOf(t)!==null||Symbol.iterator in e?!1:Symbol.toStringTag in e?Object.prototype.toString.call(e)==="[object Module]":!0}function fe(e,t,r=".",n){if(!ue(t))return fe(e,{},r,n);let o={...t};for(let s of Object.keys(e)){if(s==="__proto__"||s==="constructor")continue;let i=e[s];i!=null&&(n&&n(o,s,i,r)||(Array.isArray(i)&&Array.isArray(o[s])?o[s]=[...i,...o[s]]:ue(i)&&ue(o[s])?o[s]=fe(i,o[s],(r?`${r}.`:"")+s.toString(),n):o[s]=i))}return o}function de(e){return(...t)=>t.reduce((r,n)=>fe(r,n,"",e),{})}var Be=de(),Rn=de((e,t,r)=>{if(e[t]!==void 0&&typeof r=="function")return e[t]=r(e[t]),!0}),On=de((e,t,r)=>{if(Array.isArray(e[t])&&typeof r=="function")return e[t]=r(e[t]),!0});var qt=Object.defineProperty,Vt=Object.defineProperties,Gt=Object.getOwnPropertyDescriptors,je=Object.getOwnPropertySymbols,$t=Object.prototype.hasOwnProperty,Kt=Object.prototype.propertyIsEnumerable,Ye=(e,t,r)=>t in e?qt(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,A=(e,t)=>{for(var r in t||(t={}))$t.call(t,r)&&Ye(e,r,t[r]);if(je)for(var r of je(t))Kt.call(t,r)&&Ye(e,r,t[r]);return e},b=(e,t)=>Vt(e,Gt(t)),Jt=class extends Error{constructor(e,t,r){super(t||e.toString(),{cause:r}),this.status=e,this.statusText=t,this.error=r,Error.captureStackTrace(this,this.constructor)}},zt=async(e,t)=>{var r,n,o,s,i,u;let a=t||{},c={onRequest:[t?.onRequest],onResponse:[t?.onResponse],onSuccess:[t?.onSuccess],onError:[t?.onError],onRetry:[t?.onRetry]};if(!t||!t?.plugins)return{url:e,options:a,hooks:c};for(let l of t?.plugins||[]){if(l.init){let d=await((r=l.init)==null?void 0:r.call(l,e.toString(),t));a=d.options||a,e=d.url}c.onRequest.push((n=l.hooks)==null?void 0:n.onRequest),c.onResponse.push((o=l.hooks)==null?void 0:o.onResponse),c.onSuccess.push((s=l.hooks)==null?void 0:s.onSuccess),c.onError.push((i=l.hooks)==null?void 0:i.onError),c.onRetry.push((u=l.hooks)==null?void 0:u.onRetry)}return{url:e,options:a,hooks:c}},He=class{constructor(e){this.options=e}shouldAttemptRetry(e,t){return this.options.shouldRetry?Promise.resolve(e<this.options.attempts&&this.options.shouldRetry(t)):Promise.resolve(e<this.options.attempts)}getDelay(){return this.options.delay}},Qt=class{constructor(e){this.options=e}shouldAttemptRetry(e,t){return this.options.shouldRetry?Promise.resolve(e<this.options.attempts&&this.options.shouldRetry(t)):Promise.resolve(e<this.options.attempts)}getDelay(e){return Math.min(this.options.maxDelay,this.options.baseDelay*2**e)}};function Xt(e){if(typeof e=="number")return new He({type:"linear",attempts:e,delay:1e3});switch(e.type){case"linear":return new He(e);case"exponential":return new Qt(e);default:throw new Error("Invalid retry strategy")}}var Zt=async e=>{let t={},r=async n=>typeof n=="function"?await n():n;if(e?.auth){if(e.auth.type==="Bearer"){let n=await r(e.auth.token);if(!n)return t;t.authorization=`Bearer ${n}`}else if(e.auth.type==="Basic"){let[n,o]=await Promise.all([r(e.auth.username),r(e.auth.password)]);if(!n||!o)return t;t.authorization=`Basic ${btoa(`${n}:${o}`)}`}else if(e.auth.type==="Custom"){let[n,o]=await Promise.all([r(e.auth.prefix),r(e.auth.value)]);if(!o)return t;t.authorization=`${n??""} ${o}`}}return t},er=/^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;function tr(e){let t=e.headers.get("content-type"),r=new Set(["image/svg","application/xml","application/xhtml","application/html"]);if(!t)return"json";let n=t.split(";").shift()||"";return er.test(n)?"json":r.has(n)||n.startsWith("text/")?"text":"blob"}function rr(e){try{return JSON.parse(e),!0}catch{return!1}}function pe(e){if(e===void 0)return!1;let t=typeof e;return t==="string"||t==="number"||t==="boolean"||t===null?!0:t!=="object"?!1:Array.isArray(e)?!0:e.buffer?!1:e.constructor&&e.constructor.name==="Object"||typeof e.toJSON=="function"}function We(e){try{return JSON.parse(e)}catch{return e}}function qe(e){return typeof e=="function"}function nr(e){if(e?.customFetchImpl)return e.customFetchImpl;if(typeof globalThis<"u"&&qe(globalThis.fetch))return globalThis.fetch;if(typeof window<"u"&&qe(window.fetch))return window.fetch;throw new Error("No fetch implementation found")}async function or(e){let t=new Headers(e?.headers),r=await Zt(e);for(let[n,o]of Object.entries(r||{}))t.set(n,o);if(!t.has("content-type")){let n=sr(e?.body);n&&t.set("content-type",n)}return t}function sr(e){return pe(e)?"application/json":null}function ir(e){if(!e?.body)return null;let t=new Headers(e?.headers);if(pe(e.body)&&!t.has("content-type")){for(let[r,n]of Object.entries(e?.body))n instanceof Date&&(e.body[r]=n.toISOString());return JSON.stringify(e.body)}return t.has("content-type")&&t.get("content-type")==="application/x-www-form-urlencoded"&&pe(e.body)?new URLSearchParams(e.body).toString():e.body}function ar(e,t){var r;if(t?.method)return t.method.toUpperCase();if(e.startsWith("@")){let n=(r=e.split("@")[1])==null?void 0:r.split("/")[0];return Ge.includes(n)?n.toUpperCase():t?.body?"POST":"GET"}return t?.body?"POST":"GET"}function lr(e,t){let r;return!e?.signal&&e?.timeout&&(r=setTimeout(()=>t?.abort(),e?.timeout)),{abortTimeout:r,clearTimeout:()=>{r&&clearTimeout(r)}}}var cr=class Ve extends Error{constructor(t,r){super(r||JSON.stringify(t,null,2)),this.issues=t,Object.setPrototypeOf(this,Ve.prototype)}};async function te(e,t){let r=await e["~standard"].validate(t);if(r.issues)throw new cr(r.issues);return r.value}var Ge=["get","post","put","patch","delete"];var ur=e=>({id:"apply-schema",name:"Apply Schema",version:"1.0.0",async init(t,r){var n,o,s,i;let u=((o=(n=e.plugins)==null?void 0:n.find(a=>{var c;return(c=a.schema)!=null&&c.config?t.startsWith(a.schema.config.baseURL||"")||t.startsWith(a.schema.config.prefix||""):!1}))==null?void 0:o.schema)||e.schema;if(u){let a=t;(s=u.config)!=null&&s.prefix&&a.startsWith(u.config.prefix)&&(a=a.replace(u.config.prefix,""),u.config.baseURL&&(t=t.replace(u.config.prefix,u.config.baseURL))),(i=u.config)!=null&&i.baseURL&&a.startsWith(u.config.baseURL)&&(a=a.replace(u.config.baseURL,""));let c=u.schema[a];if(c){let l=b(A({},r),{method:c.method,output:c.output});return r?.disableValidation||(l=b(A({},l),{body:c.input?await te(c.input,r?.body):r?.body,params:c.params?await te(c.params,r?.params):r?.params,query:c.query?await te(c.query,r?.query):r?.query})),{url:t,options:l}}}return{url:t,options:r}}}),$e=e=>{async function t(r,n){let o=b(A(A({},e),n),{plugins:[...e?.plugins||[],ur(e||{}),...n?.plugins||[]]});if(e?.catchAllError)try{return await me(r,o)}catch(s){return{data:null,error:{status:500,statusText:"Fetch Error",message:"Fetch related error. Captured by catchAllError option. See error property for more details.",error:s}}}return await me(r,o)}return t};function fr(e,t){let{baseURL:r,params:n,query:o}=t||{query:{},params:{},baseURL:""},s=e.startsWith("http")?e.split("/").slice(0,3).join("/"):r||"";if(e.startsWith("@")){let d=e.toString().split("@")[1].split("/")[0];Ge.includes(d)&&(e=e.replace(`@${d}/`,"/"))}s.endsWith("/")||(s+="/");let[i,u]=e.replace(s,"").split("?"),a=new URLSearchParams(u);for(let[d,p]of Object.entries(o||{})){if(p==null)continue;let E;if(typeof p=="string")E=p;else if(Array.isArray(p)){for(let _ of p)a.append(d,_);continue}else E=JSON.stringify(p);a.set(d,E)}if(n)if(Array.isArray(n)){let d=i.split("/").filter(p=>p.startsWith(":"));for(let[p,E]of d.entries()){let _=n[p];i=i.replace(E,_)}}else for(let[d,p]of Object.entries(n))i=i.replace(`:${d}`,String(p));i=i.split("/").map(encodeURIComponent).join("/"),i.startsWith("/")&&(i=i.slice(1));let c=a.toString();return c=c.length>0?`?${c}`.replace(/\+/g,"%20"):"",s.startsWith("http")?new URL(`${i}${c}`,s):`${s}${i}${c}`}var me=async(e,t)=>{var r,n,o,s,i,u,a,c;let{hooks:l,url:d,options:p}=await zt(e,t),E=nr(p),_=new AbortController,N=(r=p.signal)!=null?r:_.signal,O=fr(d,p),S=ir(p),y=await or(p),R=ar(d,p),h=b(A({},p),{url:O,headers:y,body:S,method:R,signal:N});for(let T of l.onRequest)if(T){let g=await T(h);typeof g=="object"&&g!==null&&(h=g)}("pipeTo"in h&&typeof h.pipeTo=="function"||typeof((n=t?.body)==null?void 0:n.pipe)=="function")&&("duplex"in h||(h.duplex="half"));let{clearTimeout:f}=lr(p,_),m=await E(h.url,h);f();let M={response:m,request:h};for(let T of l.onResponse)if(T){let g=await T(b(A({},M),{response:(o=t?.hookOptions)!=null&&o.cloneResponse?m.clone():m}));g instanceof Response?m=g:typeof g=="object"&&g!==null&&(m=g.response)}if(m.ok){if(!(h.method!=="HEAD"))return{data:"",error:null};let g=tr(m),U={data:null,response:m,request:h};if(g==="json"||g==="text"){let L=await m.text(),ut=(s=h.jsonParser)!=null?s:We;U.data=await ut(L)}else U.data=await m[g]();h?.output&&h.output&&!h.disableValidation&&(U.data=await te(h.output,U.data));for(let L of l.onSuccess)L&&await L(b(A({},U),{response:(i=t?.hookOptions)!=null&&i.cloneResponse?m.clone():m}));return t?.throw?U.data:{data:U.data,error:null}}let oe=(u=t?.jsonParser)!=null?u:We,F=await m.text(),ve=rr(F),se=ve?await oe(F):null,ct={response:m,responseText:F,request:h,error:b(A({},se),{status:m.status,statusText:m.statusText})};for(let T of l.onError)T&&await T(b(A({},ct),{response:(a=t?.hookOptions)!=null&&a.cloneResponse?m.clone():m}));if(t?.retry){let T=Xt(t.retry),g=(c=t.retryAttempt)!=null?c:0;if(await T.shouldAttemptRetry(g,m)){for(let L of l.onRetry)L&&await L(M);let U=T.getDelay(g);return await new Promise(L=>setTimeout(L,U)),await me(e,b(A({},t),{retryAttempt:g+1}))}}if(t?.throw)throw new Jt(m.status,m.statusText,ve?se:F);return{data:null,error:b(A({},se),{status:m.status,statusText:m.statusText})}};var dr=e=>{if(typeof process>"u")return;let t=e??"/api/auth";if(process.env.NEXT_PUBLIC_AUTH_URL)return process.env.NEXT_PUBLIC_AUTH_URL;if(typeof window>"u"){if(process.env.NEXTAUTH_URL)try{return process.env.NEXTAUTH_URL}catch{}if(process.env.VERCEL_URL)try{let r=process.env.VERCEL_URL.startsWith("http")?"":"https://";return`${new URL(`${r}${process.env.VERCEL_URL}`).origin}${t}`}catch{}}},Ke=(e,t)=>{let r="credentials"in Request.prototype,n=Me(e?.baseURL,e?.basePath,void 0,t)??dr(e?.basePath)??"/api/auth",o=e?.plugins?.flatMap(f=>f.fetchPlugins).filter(f=>f!==void 0)||[],s={id:"lifecycle-hooks",name:"lifecycle-hooks",hooks:{onSuccess:e?.fetchOptions?.onSuccess,onError:e?.fetchOptions?.onError,onRequest:e?.fetchOptions?.onRequest,onResponse:e?.fetchOptions?.onResponse}},{onSuccess:i,onError:u,onRequest:a,onResponse:c,...l}=e?.fetchOptions||{},d=$e({baseURL:n,...r?{credentials:"include"}:{},method:"GET",jsonParser(f){return f?Le(f,{strict:!1}):null},customFetchImpl:fetch,...l,plugins:[s,...l.plugins||[],...e?.disableDefaultFetchPlugins?[]:[ke],...o]}),{$sessionSignal:p,session:E,broadcastSessionUpdate:_}=Fe(d,e),N=e?.plugins||[],O={},S={$sessionSignal:p,session:E},y={"/sign-out":"POST","/revoke-sessions":"POST","/revoke-other-sessions":"POST","/delete-user":"POST"},R=[{signal:"$sessionSignal",matcher(f){return f==="/sign-out"||f==="/update-user"||f==="/update-session"||f==="/sign-up/email"||f==="/sign-in/email"||f==="/delete-user"||f==="/verify-email"||f==="/revoke-sessions"||f==="/revoke-session"||f==="/revoke-other-sessions"||f==="/change-email"||f==="/change-password"},callback(f){f==="/sign-out"?_("signout"):(f==="/update-user"||f==="/update-session")&&_("updateUser")}}];for(let f of N)f.getAtoms&&Object.assign(S,f.getAtoms?.(d)),f.pathMethods&&Object.assign(y,f.pathMethods),f.atomListeners&&R.push(...f.atomListeners);let h={notify:f=>{S[f].set(!S[f].get())},listen:(f,m)=>{S[f].subscribe(m)},atoms:S};for(let f of N)f.getActions&&(O=Be(f.getActions?.(d,h,e)??{},O));return{get baseURL(){return n},pluginsActions:O,pluginsAtoms:S,pluginPathMethods:y,atomListeners:R,$fetch:d,$store:h}};function Je(e){return typeof e=="object"&&e!==null&&"get"in e&&typeof e.get=="function"&&"lc"in e&&typeof e.lc=="number"}function pr(e,t,r){let n=t[e],{fetchOptions:o,query:s,...i}=r||{};return n||(o?.method?o.method:i&&Object.keys(i).length>0?"POST":"GET")}function ze(e,t,r,n,o){function s(i=[]){return new Proxy(function(){},{get(u,a){if(typeof a!="string"||a==="then"||a==="catch"||a==="finally")return;let c=[...i,a],l=e;for(let d of c)if(l&&typeof l=="object"&&d in l)l=l[d];else{l=void 0;break}return typeof l=="function"||Je(l)?l:s(c)},apply:async(u,a,c)=>{let l="/"+i.map(y=>y.replace(/[A-Z]/g,R=>`-${R.toLowerCase()}`)).join("/"),d=c[0]||{},p=c[1]||{},{query:E,fetchOptions:_,...N}=d,O={...p,..._},S=pr(l,r,d);return await t(l,{...O,body:S==="GET"?void 0:{...N,...O?.body||{}},query:E||O?.query,method:S,async onSuccess(y){if(await O?.onSuccess?.(y),!o||O.disableSignal)return;let R=o.filter(f=>f.matcher(l));if(!R.length)return;let h=new Set;for(let f of R){let m=n[f.signal];if(!m)return;if(h.has(f.signal))continue;h.add(f.signal);let M=m.get();setTimeout(()=>{m.set(!M)},10),f.callback?.(l)}}})}})}return s()}function Qe(e){return e.charAt(0).toUpperCase()+e.slice(1)}function he(e){let{pluginPathMethods:t,pluginsActions:r,pluginsAtoms:n,$fetch:o,atomListeners:s,$store:i}=Ke(e),u={};for(let[a,c]of Object.entries(n))u[`use${Qe(a)}`]=c;return ze({...r,...u,$fetch:o,$store:i},o,t,n,s)}var Xe=De({FAILED_TO_CREATE_USER:"Failed to create user",USER_ALREADY_EXISTS:"User already exists.",USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL:"User already exists. Use another email.",YOU_CANNOT_BAN_YOURSELF:"You cannot ban yourself",YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE:"You are not allowed to change users role",YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS:"You are not allowed to create users",YOU_ARE_NOT_ALLOWED_TO_LIST_USERS:"You are not allowed to list users",YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS:"You are not allowed to list users sessions",YOU_ARE_NOT_ALLOWED_TO_BAN_USERS:"You are not allowed to ban users",YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS:"You are not allowed to impersonate users",YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS:"You are not allowed to revoke users sessions",YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS:"You are not allowed to delete users",YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD:"You are not allowed to set users password",BANNED_USER:"You have been banned from this application",YOU_ARE_NOT_ALLOWED_TO_GET_USER:"You are not allowed to get user",NO_DATA_TO_UPDATE:"No data to update",YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS:"You are not allowed to update users",YOU_CANNOT_REMOVE_YOURSELF:"You cannot remove yourself",YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE:"You are not allowed to set a non-existent role value",YOU_CANNOT_IMPERSONATE_ADMINS:"You cannot impersonate admins",INVALID_ROLE_TYPE:"Invalid role type"});function mr(e){return{authorize(t,r="AND"){let n=!1;for(let[o,s]of Object.entries(t)){let i=e[o];if(!i)return{success:!1,error:`You are not allowed to access resource: ${o}`};if(Array.isArray(s))n=s.every(u=>i.includes(u));else if(typeof s=="object"){let u=s;u.connector==="OR"?n=u.actions.some(a=>i.includes(a)):n=u.actions.every(a=>i.includes(a))}else throw new D("Invalid access control request");if(n&&r==="OR")return{success:n};if(!n&&r==="AND")return{success:!1,error:`unauthorized to access resource "${o}"`}}return n?{success:n}:{success:!1,error:"Not authorized"}},statements:e}}function Ze(e){return{newRole(t){return mr(t)},statements:e}}var hr={user:["create","list","set-role","ban","impersonate","impersonate-admins","delete","set-password","get","update"],session:["list","revoke","delete"]},et=Ze(hr),Ee=et.newRole({user:["create","list","set-role","ban","impersonate","delete","set-password","get","update"],session:["list","revoke","delete"]}),ye=et.newRole({user:[],session:[]}),tt={admin:Ee,user:ye};var rt=e=>{if(e.userId&&e.options?.adminUserIds?.includes(e.userId))return!0;if(!e.permissions)return!1;let t=(e.role||e.options?.defaultRole||"user").split(","),r=e.options?.roles||tt;for(let n of t)if(r[n]?.authorize(e.permissions)?.success)return!0;return!1};var ge=e=>{let t={admin:Ee,user:ye,...e?.roles};return{id:"admin-client",version:be,$InferServerPlugin:{},getActions:()=>({admin:{checkRolePermission:r=>rt({role:r.role,options:{ac:e?.ac,roles:t},permissions:r.permissions})}}),pathMethods:{"/admin/list-users":"GET","/admin/stop-impersonating":"POST"},$ERROR_CODES:Xe}};var _e=class{client;constructor(t){this.client=he({baseURL:t.tenantUrl,plugins:[ge()]})}async signIn(t,r){return await this.client.signIn.email({email:t,password:r})}async signUp(t,r,n){return await this.client.signUp.email({email:t,password:r,name:n})}async signOut(){return await this.client.signOut()}async getSession(){return await this.client.getSession()}async hasRole(t){let r=await this.getSession();if(!r?.data?.user)return!1;let n=r.data.user;return!!(n.role===t||n.roles?.includes(t))}async getRoles(){let t=await this.getSession();if(!t?.data?.user)return[];let r=t.data.user,n=[];return r.role&&n.push(r.role),r.roles&&n.push(...r.roles),[...new Set(n)]}};var nt=k("child_process"),ot=k("util"),Re=k("crypto"),x=J(k("os"),1),G=(0,ot.promisify)(nt.exec);async function st(){let e=process.platform;try{let t;if(e==="darwin")t=await Er();else if(e==="linux")t=await yr();else if(e==="win32")t=await gr();else throw new Error(`Unsupported platform: ${e}`);let r=(0,Re.createHash)("sha256").update(t).digest("hex").substring(0,32),n=JSON.stringify({machineId:r,cpus:x.cpus().length,arch:x.arch(),platform:x.platform(),homedir:x.homedir()}),o=(0,Re.createHash)("sha256").update(n).digest("hex");return{machineId:r,fingerprint:o}}catch(t){throw new Error(`Failed to get machine ID: ${t.message}`)}}async function Er(){try{let{stdout:e}=await G(`ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | sed 's/"//g'`),{stdout:t}=await G("hostname"),r=e.trim(),n=t.trim();if(r&&n)return`${r}-${n}`;let{stdout:o}=await G(`ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk '{print $3}' | sed 's/"//g'`);return o.trim()}catch{throw new Error("Failed to get macOS machine ID")}}async function yr(){try{let{stdout:e}=await G("cat /etc/machine-id 2>/dev/null || cat /var/lib/dbus/machine-id 2>/dev/null"),t=e.trim();if(t)return t;throw new Error("Machine ID file not found")}catch{throw new Error("Failed to get Linux machine ID")}}async function gr(){try{let{stdout:e}=await G("wmic csproduct get uuid"),r=e.split(`
4
+ `).map(n=>n.trim()).find(n=>n&&n!=="UUID");if(r)return r;throw new Error("Failed to parse machine UUID from WMIC")}catch{throw new Error("Failed to get Windows machine ID")}}var v=J(k("fs"),1),re=J(k("path"),1),Oe=J(k("os"),1);function Se(){let e=Oe.homedir(),t=re.join(e,".learn");return re.join(t,"credentials.json")}function _r(){let e=Oe.homedir(),t=re.join(e,".learn");v.existsSync(t)||v.mkdirSync(t,{recursive:!0,mode:448})}function $(){try{let e=Se();if(!v.existsSync(e))return null;let t=v.readFileSync(e,"utf-8"),r=JSON.parse(t);return r.access_token&&!r["learn-secrets-sdk"]&&!r["learn-auth-sdk"]?{"learn-secrets-sdk":r}:r}catch{return null}}function ne(e){_r();let t=Se(),r=JSON.stringify(e,null,2);v.writeFileSync(t,r,{mode:384})}function Te(e){let t=$();return t&&t[e]||null}function it(e,t){let r=$()||{};r[e]=t,ne(r)}function at(e){let t=$();t&&(delete t[e],Object.keys(t).length===0?Rr():ne(t))}function Rr(){try{let e=Se();v.existsSync(e)&&v.unlinkSync(e)}catch{}}function lt(e){let t=Te(e);return t!==null&&!!t.access_token}return yt(Or);})();
package/dist/index.js CHANGED
@@ -1 +1,2 @@
1
- import{createAuthClient as n}from"better-auth/client";import{adminClient as i}from"better-auth/client/plugins";var r=class{client;constructor(t){this.client=n({baseURL:t.tenantUrl,plugins:[i()]})}async signIn(t,s){return await this.client.signIn.email({email:t,password:s})}async signUp(t,s,e){return await this.client.signUp.email({email:t,password:s,name:e})}async signOut(){return await this.client.signOut()}async getSession(){return await this.client.getSession()}async hasRole(t){let s=await this.getSession();if(!s?.data?.user)return!1;let e=s.data.user;return!!(e.role===t||e.roles?.includes(t))}async getRoles(){let t=await this.getSession();if(!t?.data?.user)return[];let s=t.data.user,e=[];return s.role&&e.push(s.role),s.roles&&e.push(...s.roles),[...new Set(e)]}};export{r as AuthSDK};
1
+ import{createAuthClient as g}from"better-auth/client";import{adminClient as w}from"better-auth/client/plugins";var m=class{client;constructor(e){this.client=g({baseURL:e.tenantUrl,plugins:[w()]})}async signIn(e,r){return await this.client.signIn.email({email:e,password:r})}async signUp(e,r,n){return await this.client.signUp.email({email:e,password:r,name:n})}async signOut(){return await this.client.signOut()}async getSession(){return await this.client.getSession()}async hasRole(e){let r=await this.getSession();if(!r?.data?.user)return!1;let n=r.data.user;return!!(n.role===e||n.roles?.includes(e))}async getRoles(){let e=await this.getSession();if(!e?.data?.user)return[];let r=e.data.user,n=[];return r.role&&n.push(r.role),r.roles&&n.push(...r.roles),[...new Set(n)]}};import{exec as S}from"child_process";import{promisify as C}from"util";import{createHash as p}from"crypto";import*as i from"os";var o=C(S);async function y(){let t=process.platform;try{let e;if(t==="darwin")e=await D();else if(t==="linux")e=await x();else if(t==="win32")e=await I();else throw new Error(`Unsupported platform: ${t}`);let r=p("sha256").update(e).digest("hex").substring(0,32),n=JSON.stringify({machineId:r,cpus:i.cpus().length,arch:i.arch(),platform:i.platform(),homedir:i.homedir()}),l=p("sha256").update(n).digest("hex");return{machineId:r,fingerprint:l}}catch(e){throw new Error(`Failed to get machine ID: ${e.message}`)}}async function D(){try{let{stdout:t}=await o(`ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | sed 's/"//g'`),{stdout:e}=await o("hostname"),r=t.trim(),n=e.trim();if(r&&n)return`${r}-${n}`;let{stdout:l}=await o(`ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk '{print $3}' | sed 's/"//g'`);return l.trim()}catch{throw new Error("Failed to get macOS machine ID")}}async function x(){try{let{stdout:t}=await o("cat /etc/machine-id 2>/dev/null || cat /var/lib/dbus/machine-id 2>/dev/null"),e=t.trim();if(e)return e;throw new Error("Machine ID file not found")}catch{throw new Error("Failed to get Linux machine ID")}}async function I(){try{let{stdout:t}=await o("wmic csproduct get uuid"),r=t.split(`
2
+ `).map(n=>n.trim()).find(n=>n&&n!=="UUID");if(r)return r;throw new Error("Failed to parse machine UUID from WMIC")}catch{throw new Error("Failed to get Windows machine ID")}}import*as s from"fs";import*as a from"path";import*as d from"os";function u(){let t=d.homedir(),e=a.join(t,".learn");return a.join(e,"credentials.json")}function K(){let t=d.homedir(),e=a.join(t,".learn");s.existsSync(e)||s.mkdirSync(e,{recursive:!0,mode:448})}function c(){try{let t=u();if(!s.existsSync(t))return null;let e=s.readFileSync(t,"utf-8"),r=JSON.parse(e);return r.access_token&&!r["learn-secrets-sdk"]&&!r["learn-auth-sdk"]?{"learn-secrets-sdk":r}:r}catch{return null}}function f(t){K();let e=u(),r=JSON.stringify(t,null,2);s.writeFileSync(e,r,{mode:384})}function h(t){let e=c();return e&&e[t]||null}function U(t,e){let r=c()||{};r[t]=e,f(r)}function P(t){let e=c();e&&(delete e[t],Object.keys(e).length===0?k():f(e))}function k(){try{let t=u();s.existsSync(t)&&s.unlinkSync(t)}catch{}}function v(t){let e=h(t);return e!==null&&!!e.access_token}export{m as AuthSDK,P as deleteSDKCredentials,y as getMachineId,v as hasSDKCredentials,c as readAllCredentials,h as readSDKCredentials,f as writeAllCredentials,U as writeSDKCredentials};
package/package.json CHANGED
@@ -1,20 +1,42 @@
1
1
  {
2
2
  "name": "learn-auth-sdk",
3
- "version": "0.1.0",
3
+ "version": "0.2.0",
4
4
  "description": "Open-source Auth SDK for decentralized tenant backends",
5
5
  "license": "MIT",
6
6
  "main": "./dist/index.js",
7
7
  "types": "./dist/index.d.ts",
8
8
  "type": "module",
9
9
  "files": [
10
- "dist"
10
+ "dist",
11
+ "bin"
11
12
  ],
13
+ "repository": {
14
+ "type": "git",
15
+ "url": "git+https://github.com/carsontkempf/learn.git",
16
+ "directory": "packages/auth-sdk"
17
+ },
18
+ "homepage": "https://github.com/carsontkempf/learn/tree/main/packages/auth-sdk",
19
+ "author": "Carson Kempf",
20
+ "keywords": [
21
+ "auth",
22
+ "authentication",
23
+ "rbac",
24
+ "multi-tenant",
25
+ "better-auth",
26
+ "d1",
27
+ "cloudflare"
28
+ ],
29
+ "bin": {
30
+ "learn-auth": "./bin/learn-auth.js"
31
+ },
12
32
  "scripts": {
13
- "build": "tsup src/index.ts --format esm,iife --dts --clean --minify --global-name AuthSDK",
14
- "dev": "tsc --watch"
33
+ "build": "tsup src/index.ts --format esm,iife --dts --clean --minify --global-name AuthSDK && tsup src/cli/index.ts --format esm --dts --out-dir dist/cli --external commander",
34
+ "dev": "tsc --watch",
35
+ "prepublishOnly": "npm run build"
15
36
  },
16
37
  "dependencies": {
17
- "better-auth": "^1.5.5"
38
+ "better-auth": "^1.5.5",
39
+ "commander": "^12.0.0"
18
40
  },
19
41
  "devDependencies": {
20
42
  "tsup": "^8.5.1",