payload-better-auth 1.0.10 → 1.1.6

package/package.json

@@ -1,8 +1,12 @@
 {
   "name": "payload-better-auth",
-  "version": "1.0.10",
-  "description": "A blank template to get started with Payload 3.0",
+  "version": "1.1.6",
+  "description": "A Payload CMS plugin that integrates Better Auth for seamless user authentication and management",
   "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/benjaminpreiss/payload-better-auth"
+  },
   "type": "module",
   "exports": {
     ".": {
@@ -24,78 +28,148 @@
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
-    "dist"
+    "dist",
+    "src"
   ],
+  "scripts": {
+    "build": "nx run payload-better-auth:_build",
+    "build:swc": "swc ./src -d ./dist --config-file .swcrc --strip-leading-paths",
+    "build:types": "tsc --outDir dist --rootDir ./src",
+    "_build": "npm run copyfiles && npm run build:types && npm run build:swc",
+    "clean": "rimraf {dist,*.tsbuildinfo}",
+    "copyfiles": "copyfiles -u 1 \"src/**/*.{html,css,scss,ttf,woff,woff2,eot,svg,jpg,png,json}\" dist/",
+    "dev": "concurrently -k -n \"WEB,MAIL\" -c \"auto\" \"npm run dev:original\" \"npm run maildev\"",
+    "dev:build": "nx run payload-better-auth:_dev:build",
+    "_dev:build": "dotenv -e ./dev/.env.test -- next build dev",
+    "dev:original": "dotenv -e ./dev/.env.development -- next dev dev --turbo",
+    "dev:start": "dotenv -e ./dev/.env.test -- next start dev",
+    "dev:generate-importmap": "npm run dev:payload generate:importmap",
+    "dev:generate-types": "npm run dev:payload generate:types",
+    "dev:payload": "dotenv -e ./dev/.env.development -- cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload",
+    "generate:importmap": "npm run dev:generate-importmap",
+    "generate:types": "npm run dev:generate-types",
+    "db:reset": "rimraf ./payload.db ./better-auth.db",
+    "db:reset:test": "rimraf ./dev/tests/test-payload.db ./dev/tests/test-better-auth.db",
+    "payload:migrate": "dotenv -e ./dev/.env.development -- cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload migrate:create --skip-empty && dotenv -e ./dev/.env.development -- cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload migrate",
+    "payload:migrate:test": "dotenv -e ./dev/.env.test -- cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload migrate:create --skip-empty && dotenv -e ./dev/.env.test -- cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload migrate",
+    "better-auth:migrate": "dotenv -e ./dev/.env.development -- better-auth migrate --yes --config ./dev/lib/auth.ts",
+    "better-auth:migrate:test": "dotenv -e ./dev/.env.test -- better-auth migrate --yes --config ./dev/lib/auth.ts",
+    "reset": "npm run db:reset && npm run payload:migrate && npm run better-auth:migrate",
+    "reset:test": "npm run db:reset:test && npm run payload:migrate:test && npm run better-auth:migrate:test",
+    "lint": "nx run payload-better-auth:_lint",
+    "_lint": "eslint --stats ./src ./dev",
+    "lint:fix:all": "eslint --fix --stats ./src ./dev ./dev/tests",
+    "lint:fix": "eslint ./src --fix",
+    "maildev": "maildev --smtp=1025 --web=1080",
+    "prepare": "husky",
+    "prepublishOnly": "npm run clean && npm run build",
+    "test": "nx run payload-better-auth:_test",
+    "_test": "npm run test:int && npm run test:e2e",
+    "test:e2e": "nx run payload-better-auth:_test:e2e",
+    "_test:e2e": "npm run dev:build && dotenv -e ./dev/.env.test -- playwright test",
+    "test:int": "nx run payload-better-auth:_test:int",
+    "_test:int": "npm run test:setup && dotenv -e ./dev/.env.test -- vitest run",
+    "test:setup": "npm run reset:test",
+    "typecheck": "nx run payload-better-auth:_typecheck",
+    "_typecheck": "tsc --noEmit -p ./dev/tsconfig.json",
+    "semantic-release": "semantic-release",
+    "test:int-with-wait": "dotenv -e ./dev/.env.test -- concurrently --success first -k -n \"dev,test\" \"npm run dev\" \"sh -lc 'until curl -fsS http://127.0.0.1:3000/admin >/dev/null; do sleep 0.25; done; npm run test:int'\""
+  },
   "devDependencies": {
-    "@eslint/eslintrc": "^3.3.1",
-    "@payloadcms/db-mongodb": "^3.57.0",
-    "@payloadcms/db-postgres": "^3.57.0",
-    "@payloadcms/db-sqlite": "^3.57.0",
+    "@better-auth/cli": "^1.4.10",
+    "@commitlint/cli": "^20.3.1",
+    "@commitlint/config-conventional": "^20.3.1",
+    "@eslint/eslintrc": "^3.3.3",
+    "@payloadcms/db-mongodb": "^3.70.0",
+    "@payloadcms/db-postgres": "^3.70.0",
+    "@payloadcms/db-sqlite": "^3.70.0",
     "@payloadcms/eslint-config": "^3.28.0",
-    "@payloadcms/next": "^3.57.0",
-    "@payloadcms/richtext-lexical": "^3.57.0",
-    "@payloadcms/ui": "^3.57.0",
-    "@playwright/test": "^1.55.1",
-    "@swc-node/register": "1.10.9",
-    "@swc/cli": "0.6.0",
-    "@types/node": "^22.18.6",
-    "@types/nodemailer": "^7.0.2",
-    "@types/react": "19.1.8",
-    "@types/react-dom": "19.1.6",
-    "better-sqlite3": "^12.4.1",
+    "@payloadcms/next": "^3.70.0",
+    "@payloadcms/richtext-lexical": "^3.70.0",
+    "@payloadcms/ui": "^3.70.0",
+    "@playwright/test": "^1.57.0",
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^12.0.2",
+    "@semantic-release/npm": "^13.1.3",
+    "@swc-node/register": "1.11.1",
+    "@swc/cli": "0.7.9",
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/node": "^25.0.6",
+    "@types/nodemailer": "^7.0.5",
+    "@types/react": "19.2.8",
+    "@types/react-dom": "19.2.3",
+    "better-auth": "^1.4.10",
+    "better-sqlite3": "^12.6.0",
     "concurrently": "^9.2.1",
     "copyfiles": "2.4.1",
-    "cross-env": "^7.0.3",
-    "dotenv-cli": "^10.0.0",
-    "eslint": "^9.36.0",
-    "eslint-config-next": "15.4.4",
-    "execa": "^9.6.0",
-    "graphql": "^16.11.0",
+    "cross-env": "^10.1.0",
+    "dotenv-cli": "^11.0.0",
+    "drizzle-orm": "^0.44.0",
+    "eslint": "^9.39.2",
+    "eslint-config-next": "16.1.1",
+    "execa": "^9.6.1",
+    "graphql": "^16.12.0",
+    "husky": "^9.1.7",
     "maildev": "^2.2.1",
-    "mongodb-memory-server": "10.1.4",
-    "next": "15.4.4",
-    "nodemailer": "^7.0.6",
-    "open": "^10.2.0",
-    "payload": "^3.57.0",
-    "prettier": "^3.6.2",
-    "qs-esm": "7.0.2",
-    "react": "19.1.0",
-    "react-dom": "19.1.0",
-    "rimraf": "3.0.2",
-    "sharp": "0.34.2",
-    "sort-package-json": "^2.15.1",
-    "typescript": "5.7.3",
-    "vite-tsconfig-paths": "^5.1.4",
-    "vitest": "^3.2.4"
+    "mongodb-memory-server": "11.0.1",
+    "next": "16.1.1",
+    "nodemailer": "^7.0.12",
+    "nx": "^22.3.3",
+    "open": "^11.0.0",
+    "payload": "^3.70.0",
+    "prettier": "^3.7.4",
+    "qs-esm": "7.0.3",
+    "react": "19.2.3",
+    "react-dom": "19.2.3",
+    "rimraf": "6.1.2",
+    "semantic-release": "^25.0.2",
+    "sharp": "0.34.5",
+    "sort-package-json": "^3.6.0",
+    "typescript": "5.9.3",
+    "vite-tsconfig-paths": "^6.0.4",
+    "vitest": "^4.0.16"
   },
   "peerDependencies": {
-    "better-auth": "^1.4.0-beta.5",
+    "better-auth": "^1.4.10",
     "payload": "^3.37.0"
   },
+  "packageManager": "pnpm@10.16.1",
   "engines": {
     "node": "^18.20.2 || >=20.9.0",
     "pnpm": "^9 || ^10"
   },
-  "registry": "https://registry.npmjs.org/",
-  "scripts": {
-    "build": "pnpm copyfiles && pnpm build:types && pnpm build:swc",
-    "build:swc": "swc ./src -d ./dist --config-file .swcrc --strip-leading-paths",
-    "build:types": "tsc --outDir dist --rootDir ./src",
-    "clean": "rimraf {dist,*.tsbuildinfo}",
-    "copyfiles": "copyfiles -u 1 \"src/**/*.{html,css,scss,ttf,woff,woff2,eot,svg,jpg,png,json}\" dist/",
-    "dev": "concurrently -k -n \"WEB,MAIL\" -c \"auto\" \"pnpm:dev:original\" \"pnpm:maildev\"",
-    "dev:original": "next dev dev --turbo",
-    "dev:generate-importmap": "pnpm dev:payload generate:importmap",
-    "dev:generate-types": "pnpm dev:payload generate:types",
-    "dev:payload": "dotenv -e ./dev/.env -- cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload",
-    "generate:importmap": "pnpm dev:generate-importmap",
-    "generate:types": "pnpm dev:generate-types",
-    "lint": "eslint",
-    "lint:fix": "eslint ./src --fix",
-    "maildev": "maildev --smtp=1025 --web=1080",
-    "test": "pnpm test:int && pnpm test:e2e",
-    "test:e2e": "playwright test",
-    "test:int": "vitest",
-    "test:int-with-wait": "pnpm exec concurrently --success first -k -n \"dev,test\" \"pnpm run dev\" \"sh -lc 'until curl -fsS http://127.0.0.1:3000/admin >/dev/null; do sleep 0.25; done; pnpm run test:int'\""
-  }
-}
+  "publishConfig": {
+    "exports": {
+      ".": {
+        "import": "./dist/index.js",
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "./client": {
+        "import": "./dist/exports/client.js",
+        "types": "./dist/exports/client.d.ts",
+        "default": "./dist/exports/client.js"
+      },
+      "./rsc": {
+        "import": "./dist/exports/rsc.js",
+        "types": "./dist/exports/rsc.d.ts",
+        "default": "./dist/exports/rsc.js"
+      }
+    },
+    "main": "./dist/index.js",
+    "types": "./dist/index.d.ts"
+  },
+  "pnpm": {
+    "overrides": {
+      "drizzle-orm": "^0.44.0"
+    },
+    "onlyBuiltDependencies": [
+      "sharp",
+      "esbuild",
+      "unrs-resolver",
+      "better-sqlite3"
+    ]
+  },
+  "nx": {}
+}

package/src/better-auth/crypto-shared.ts

@@ -0,0 +1,169 @@
+// crypto-shared.ts
+import crypto from 'crypto'
+
+/**
+ * Type for serializable values that can be canonically stringified
+ */
+type SerializableValue =
+  | boolean
+  | null
+  | number
+  | SerializableArray
+  | SerializableObject
+  | string
+  | undefined
+
+interface SerializableObject {
+  [key: string]: SerializableValue
+}
+
+interface SerializableArray extends Array<SerializableValue> {}
+
+/**
+ * Signature object containing timestamp, nonce, and MAC
+ */
+export interface CryptoSignature {
+  /** HMAC-SHA256 signature */
+  mac: string
+  /** Unique nonce for this signature */
+  nonce: string
+  /** Unix timestamp as string */
+  ts: string
+}
+
+/**
+ * Input parameters for signature verification
+ */
+export interface VerifySignatureInput {
+  /** The data that was signed */
+  body: unknown
+  /** Maximum allowed time skew in seconds (default: 300) */
+  maxSkewSec?: number
+  /** Secret key for verification */
+  secret: string
+  /** The signature to verify */
+  signature: CryptoSignature
+}
+
+/**
+ * Input parameters for signature creation
+ */
+export interface SignCanonicalInput {
+  /** The data to sign */
+  body: unknown
+  /** Secret key for signing */
+  secret: string
+}
+
+/**
+ * Converts an object to a canonical string representation
+ * Handles circular references and ensures consistent ordering
+ */
+function canonicalStringify(obj: unknown): string {
+  const seen = new WeakSet<object>()
+
+  const walk = (v: unknown): string => {
+    if (v && typeof v === 'object') {
+      if (seen.has(v)) {
+        throw new Error('Circular reference detected in object')
+      }
+      seen.add(v)
+
+      if (Array.isArray(v)) {
+        const result = `[${v.map(walk).join(',')}]`
+        seen.delete(v)
+        return result
+      }
+
+      const keys = Object.keys(v).sort()
+      const result = `{${keys.map((k) => `"${k}":${walk((v as Record<string, unknown>)[k])}`).join(',')}}`
+      seen.delete(v)
+      return result
+    }
+    return JSON.stringify(v)
+  }
+
+  return walk(obj)
+}
+
+/**
+ * Creates a cryptographic signature for the given data
+ * @param body - The data to sign
+ * @param secret - Secret key for signing
+ * @returns Signature object with timestamp, nonce, and MAC
+ */
+export function signCanonical(body: unknown, secret: string): CryptoSignature {
+  if (!secret || typeof secret !== 'string') {
+    throw new Error('Secret must be a non-empty string')
+  }
+
+  const ts = Math.floor(Date.now() / 1000).toString()
+  const nonce = crypto.randomUUID()
+  const payload = canonicalStringify(body)
+  const mac = crypto.createHmac('sha256', secret).update(`${ts}.${nonce}.${payload}`).digest('hex')
+
+  return { mac, nonce, ts }
+}
+
+/**
+ * Verifies a cryptographic signature
+ * @param body - The original data that was signed
+ * @param sig - The signature to verify
+ * @param secret - Secret key for verification
+ * @param maxSkewSec - Maximum allowed time skew in seconds (default: 300)
+ * @returns true if signature is valid, false otherwise
+ */
+export function verifyCanonical(
+  body: unknown,
+  sig: CryptoSignature,
+  secret: string,
+  maxSkewSec: number = 300,
+) {
+  if (!secret || typeof secret !== 'string') {
+    return false
+  }
+
+  if (!sig || typeof sig !== 'object' || !sig.ts || !sig.nonce || !sig.mac) {
+    return false
+  }
+
+  // Validate timestamp
+  const now = Math.floor(Date.now() / 1000)
+  const t = Number(sig.ts)
+  if (!Number.isFinite(t) || Math.abs(now - t) > maxSkewSec) {
+    return false
+  }
+
+  try {
+    const payload = canonicalStringify(body)
+    const expected = crypto
+      .createHmac('sha256', secret)
+      .update(`${sig.ts}.${sig.nonce}.${payload}`)
+      .digest('hex')
+
+    return crypto.timingSafeEqual(
+      new Uint8Array(Buffer.from(sig.mac, 'hex')),
+      new Uint8Array(Buffer.from(expected, 'hex')),
+    )
+  } catch {
+    return false
+  }
+}
+
+/**
+ * Convenience function for verifying signatures with input object
+ * @param input - Verification parameters
+ * @returns true if signature is valid, false otherwise
+ */
+export function verifySignature(input: VerifySignatureInput) {
+  return verifyCanonical(input.body, input.signature, input.secret, input.maxSkewSec)
+}
+
+/**
+ * Convenience function for creating signatures with input object
+ * @param input - Signing parameters
+ * @returns Signature object
+ */
+export function createSignature(input: SignCanonicalInput) {
+  return signCanonical(input.body, input.secret)
+}

package/src/better-auth/databaseHooks.ts

@@ -0,0 +1,30 @@
+import type { betterAuth } from 'better-auth'
+import type { SanitizedConfig } from 'payload'
+
+import { createDeleteUserFromPayload, createSyncUserToPayload } from './sources'
+
+export function createDatabaseHooks({
+  config,
+}: {
+  config: Promise<SanitizedConfig>
+}): Parameters<typeof betterAuth>['0']['databaseHooks'] {
+  const syncUserToPayload = createSyncUserToPayload(config)
+  const deleteUserFromPayload = createDeleteUserFromPayload(config)
+  return {
+    user: {
+      create: {
+        // After the BA user exists, sync to Payload. On failure, enqueue in memory.
+        after: async (user) => {
+          // push BA-induced ensure to the **front** of the queue
+          await syncUserToPayload(user)
+        },
+      },
+      // TODO: possibly offer "update"
+      delete: {
+        after: async (user) => {
+          await deleteUserFromPayload(user.id)
+        },
+      },
+    },
+  }
+}

package/src/better-auth/helpers.ts

@@ -0,0 +1,3 @@
+export type AuthMethod =
+  | { method: 'emailAndPassword'; options: { minPasswordLength: number } }
+  | { method: 'magicLink' }

package/src/better-auth/plugin.ts

@@ -0,0 +1,214 @@
+// src/plugins/reconcile-queue-plugin.ts
+import type { AuthContext, BetterAuthPlugin, DeepPartial } from 'better-auth'
+import type { SanitizedConfig } from 'payload'
+
+import { APIError } from 'better-auth/api'
+import { createAuthEndpoint, createAuthMiddleware } from 'better-auth/plugins'
+
+import type { AuthMethod } from './helpers'
+
+import { createDatabaseHooks } from './databaseHooks'
+import { type InitOptions, Queue } from './reconcile-queue'
+import {
+  type BAUser,
+  createDeleteUserFromPayload,
+  createListPayloadUsersPage,
+  createSyncUserToPayload,
+} from './sources'
+
+type PayloadSyncPluginContext = { payloadSyncPlugin: { queue: Queue } } & AuthContext
+
+type CreateAdminsUser = Parameters<AuthContext['internalAdapter']['createUser']>['0']
+
+const defaultLog = (msg: string, extra?: unknown) => {
+  console.log(`[reconcile] ${msg}`, extra ? JSON.stringify(extra, null, 2) : '')
+}
+
+export const payloadBetterAuthPlugin = (
+  opts: {
+    createAdmins?: { overwrite?: boolean; user: CreateAdminsUser }[]
+    enableLogging?: boolean
+    payloadConfig: Promise<SanitizedConfig>
+    token: string // simple header token for admin endpoints,
+  } & InitOptions,
+): BetterAuthPlugin => {
+  return {
+    id: 'reconcile-queue-plugin',
+    endpoints: {
+      run: createAuthEndpoint(
+        '/reconcile/run',
+        { method: 'POST' },
+        async ({ context, json, request }) => {
+          if (opts.token && request?.headers.get('x-reconcile-token') !== opts.token) {
+            throw new APIError('UNAUTHORIZED', { message: 'invalid token' })
+          }
+          await (context as PayloadSyncPluginContext).payloadSyncPlugin.queue.seedFullReconcile()
+          return json({ ok: true })
+        },
+      ),
+      status: createAuthEndpoint(
+        '/reconcile/status',
+        { method: 'GET' },
+        async ({ context, json, request }) => {
+          if (opts.token && request?.headers.get('x-reconcile-token') !== opts.token) {
+            return Promise.reject(
+              new APIError('UNAUTHORIZED', { message: 'invalid token' }) as Error,
+            )
+          }
+          return json((context as PayloadSyncPluginContext).payloadSyncPlugin.queue.status())
+        },
+      ),
+      // convenience for tests/admin tools (optional)
+      authMethods: createAuthEndpoint(
+        '/auth/methods',
+        { method: 'GET' },
+        async ({ context, json }) => {
+          const authMethods: AuthMethod[] = []
+          // Check if emailAndPassword is enabled, or if present at all (not present defaults to false)
+          if (context.options.emailAndPassword?.enabled) {
+            authMethods.push({
+              method: 'emailAndPassword',
+              options: {
+                minPasswordLength: context.options.emailAndPassword.minPasswordLength ?? 0,
+              },
+            })
+          }
+          if (context.options.plugins?.some((p) => p.id === 'magic-link')) {
+            authMethods.push({ method: 'magicLink' })
+          }
+
+          return await json(authMethods)
+        },
+      ),
+      deleteNow: createAuthEndpoint(
+        '/reconcile/delete',
+        { method: 'POST' },
+        async ({ context, json, request }) => {
+          if (opts.token && request?.headers.get('x-reconcile-token') !== opts.token) {
+            throw new APIError('UNAUTHORIZED', { message: 'invalid token' })
+          }
+          const body = (await request?.json().catch(() => ({}))) as { baId?: string } | undefined
+          const baId = body?.baId
+          if (!baId) {
+            throw new APIError('BAD_REQUEST', { message: 'missing baId' })
+          }
+          ;(context as PayloadSyncPluginContext).payloadSyncPlugin.queue.enqueueDelete(
+            baId,
+            true,
+            'user-operation',
+          )
+          return json({ ok: true })
+        },
+      ),
+      ensureNow: createAuthEndpoint(
+        '/reconcile/ensure',
+        { method: 'POST' },
+        async ({ context, json, request }) => {
+          if (opts.token && request?.headers.get('x-reconcile-token') !== opts.token) {
+            throw new APIError('UNAUTHORIZED', { message: 'invalid token' })
+          }
+          const body = (await request?.json().catch(() => ({}))) as { user?: BAUser } | undefined
+          const user = body?.user
+          if (!user?.id) {
+            throw new APIError('BAD_REQUEST', { message: 'missing user' })
+          }
+          ;(context as PayloadSyncPluginContext).payloadSyncPlugin.queue.enqueueEnsure(
+            user,
+            true,
+            'user-operation',
+          )
+          return json({ ok: true })
+        },
+      ),
+    },
+    hooks: {
+      before: [
+        {
+          handler: createAuthMiddleware(async (ctx) => {
+            const locale = ctx.getHeader('User-Locale')
+            return Promise.resolve({
+              context: { ...ctx, body: { ...ctx.body, locale: locale ?? undefined } },
+            })
+          }),
+          matcher: (context) => {
+            return context.path === '/sign-up/email'
+          },
+        },
+      ],
+    },
+    schema: {
+      user: {
+        fields: {
+          locale: {
+            type: 'string',
+            required: false,
+          },
+        },
+      },
+    },
+    // TODO: the queue must be destroyed on better auth instance destruction, as it utilizes timers.
+    async init({ internalAdapter, password }) {
+      if (opts.createAdmins) {
+        try {
+          await Promise.all(
+            opts.createAdmins.map(async ({ overwrite, user }) => {
+              const alreadyExistingUser = await internalAdapter.findUserByEmail(user.email)
+              if (alreadyExistingUser) {
+                if (overwrite) {
+                  // clear accounts
+                  await internalAdapter.deleteAccounts(alreadyExistingUser.user.id)
+                  const createdUser = await internalAdapter.updateUser(
+                    alreadyExistingUser.user.id,
+                    {
+                      ...user,
+                      role: 'admin',
+                    },
+                  )
+                  // assuming this creates an account?
+                  await internalAdapter.linkAccount({
+                    accountId: createdUser.id,
+                    password: await password.hash(user.password),
+                    providerId: 'credential',
+                    userId: createdUser.id,
+                  })
+                }
+              }
+              // if the user doesnt exist there can't be an account
+              else {
+                const createdUser = await internalAdapter.createUser({ ...user, role: 'admin' })
+                await internalAdapter.linkAccount({
+                  accountId: createdUser.id,
+                  password: await password.hash(user.password),
+                  providerId: 'credential',
+                  userId: createdUser.id,
+                })
+              }
+            }),
+          )
+        } catch (error) {
+          if (opts.enableLogging) {
+            defaultLog('Failed to create Admin user', error)
+          }
+        }
+      }
+
+      const queue = new Queue(
+        {
+          deleteUserFromPayload: createDeleteUserFromPayload(opts.payloadConfig),
+          internalAdapter,
+          listPayloadUsersPage: createListPayloadUsersPage(opts.payloadConfig),
+          log: opts.enableLogging ? defaultLog : undefined,
+          syncUserToPayload: createSyncUserToPayload(opts.payloadConfig),
+        },
+        opts,
+      )
+      return {
+        context: { payloadSyncPlugin: { queue } } as DeepPartial<Omit<AuthContext, 'options'>>,
+        options: {
+          databaseHooks: createDatabaseHooks({ config: opts.payloadConfig }),
+          user: { deleteUser: { enabled: true } },
+        },
+      }
+    },
+  }
+}