sa2kit 2.0.4 → 3.1.0

package/dist/common/auth/schema/index.js

@@ -0,0 +1,49 @@
+'use strict';
+
+var chunkLGHUCQIU_js = require('../../../chunk-LGHUCQIU.js');
+require('../../../chunk-NSBPE2FW.js');
+
+
+
+Object.defineProperty(exports, "account", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.account; }
+});
+Object.defineProperty(exports, "accountRelations", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.accountRelations; }
+});
+Object.defineProperty(exports, "authDrizzleSchema", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.authDrizzleSchema; }
+});
+Object.defineProperty(exports, "session", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.session; }
+});
+Object.defineProperty(exports, "sessionRelations", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.sessionRelations; }
+});
+Object.defineProperty(exports, "user", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.user; }
+});
+Object.defineProperty(exports, "userRelations", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.userRelations; }
+});
+Object.defineProperty(exports, "userRole", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.userRole; }
+});
+Object.defineProperty(exports, "verification", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.verification; }
+});
+Object.defineProperty(exports, "verifications", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.verifications; }
+});
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/common/auth/schema/index.mjs

@@ -0,0 +1,4 @@
+export { account, accountRelations, authDrizzleSchema, session, sessionRelations, user, userRelations, userRole, verification, verifications } from '../../../chunk-EBHPTFG6.mjs';
+import '../../../chunk-MAI35PU6.mjs';
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/common/auth/server/index.d.mts

@@ -1,33 +1,89 @@
-import { U as UserRole } from '../../../enums-Dume-V5Y.mjs';
-export { u as userRole } from '../../../enums-Dume-V5Y.mjs';
-export { Account, NewAccount, NewSession, NewUser, NewVerification, Session, User, Verification, account, accountRelations, session, sessionRelations, user, userRelations, verifications } from '../../../auth/schema/index.mjs';
-export { a as AuthResult, A as AuthServiceConfig, D as DrizzleAuthService, S as SessionInfo, U as UserInfo, V as VerifyResult } from '../../../drizzle-auth-service-D-pljzCD.mjs';
-export { JwtPayload, generateToken, getTokenFromRequest, hashPassword, verifyJwtToken, verifyPassword } from '../../../auth/services/index.mjs';
-import { NextRequest } from 'next/server';
-export { AnalyticsEvent, AnalyticsService, ApiResponse, BaseRouteConfig, LoginRouteConfig, RegisterRouteConfig, createAnalyticsAdapter, createDefaultBaseConfig, createDefaultLoginConfig, createDefaultRegisterConfig, createLoginHandler, createLoginOptionsHandler, createLogoutHandler, createLogoutOptionsHandler, createMeHandler, createMeOptionsHandler, createRegisterHandler, createRegisterOptionsHandler } from '../../../auth/routes/index.mjs';
-export { AuthLevel, AuthMiddlewareConfig, RouteContext, RouteHandler, createAuthMiddleware } from '../../../auth/middleware/index.mjs';
-import 'drizzle-orm/pg-core';
+export { Account, NewAccount, NewSession, NewUser, NewVerification, Session, User, Verification, account, accountRelations, authDrizzleSchema, session, sessionRelations, user, userRelations, verification, verifications } from '../schema/index.mjs';
+export { U as UserRole, u as userRole } from '../../../enums-Dume-V5Y.mjs';
 import 'drizzle-orm';
+import 'drizzle-orm/pg-core';
 
 /**
- * 验证 API 请求的身份
- * 从请求头中获取 Token 并验证，返回用户信息
+ * sa2kit auth 服务端配置类型（Better Auth 3.0）
  */
-declare function validateApiAuth(request: NextRequest): Promise<{
-    id: string;
-    email: string;
-    username: string | undefined;
-    role: UserRole;
-} | null>;
+type Sa2kitSmsProvider = {
+    sendOTP: (phoneNumber: string, code: string) => void | Promise<void>;
+};
+type Sa2kitEmailProvider = {
+    sendVerificationOTP: (email: string, otp: string, type: string) => void | Promise<void>;
+};
+type Sa2kitAuthConfig = {
+    db: unknown;
+    baseURL: string;
+    secret: string;
+    trustedOrigins?: string[];
+    basePath?: string;
+    sms?: Sa2kitSmsProvider;
+    email?: Sa2kitEmailProvider;
+    phoneNumberValidator?: (phoneNumber: string) => boolean;
+    logOtpInDev?: boolean;
+};
+/** Better Auth 实例（运行时完整 API，类型刻意保持宽松以便跨插件版本） */
+type Sa2kitAuthInstance = {
+    handler: (request: Request) => Promise<Response>;
+    api: {
+        getSession: (ctx: {
+            headers: Headers;
+        }) => Promise<{
+            user: Record<string, unknown>;
+        } | null>;
+        [key: string]: unknown;
+    };
+    [key: string]: unknown;
+};
+type Sa2kitAuth = Sa2kitAuthInstance;
+
+declare function createSa2kitAuth(config: Sa2kitAuthConfig): Sa2kitAuthInstance;
+
+declare function mountNextAuthHandler(auth: Sa2kitAuthInstance): {
+    GET: (request: Request) => Promise<Response>;
+    POST: (request: Request) => Promise<Response>;
+    PATCH: (request: Request) => Promise<Response>;
+    PUT: (request: Request) => Promise<Response>;
+    DELETE: (request: Request) => Promise<Response>;
+};
+
 /**
- * 验证 API 请求的身份（针对使用数字 ID 的项目）
- * 将 string 类型的 userId 转换为 number 类型
+ * Hono / 通用 fetch handler
  */
-declare function validateApiAuthNumeric(request: NextRequest): Promise<{
-    id: number;
+
+declare function mountAuthHandler(auth: Sa2kitAuthInstance): (request: Request) => Promise<Response>;
+declare function createAuthRouteHandlers(auth: Sa2kitAuthInstance): {
+    GET: (request: Request) => Promise<Response>;
+    POST: (request: Request) => Promise<Response>;
+    PUT: (request: Request) => Promise<Response>;
+    PATCH: (request: Request) => Promise<Response>;
+    DELETE: (request: Request) => Promise<Response>;
+};
+
+/**
+ * 从 Request 解析 Better Auth session（替代自研 JWT validateApiAuth）
+ */
+
+type SessionUser = {
+    id: string;
     email: string;
-    username: string | undefined;
-    role: UserRole;
-} | null>;
+    name: string;
+    role?: string;
+    phoneNumber?: string | null;
+};
+declare function getSessionUser(auth: Sa2kitAuthInstance, request: Request): Promise<SessionUser | null>;
+type SessionUserNumeric = Omit<SessionUser, 'id'> & {
+    id: number;
+};
+/** 兼容 numeric id 消费方（legacy calendar 等） */
+declare function getSessionUserNumeric(auth: Sa2kitAuthInstance, request: Request): Promise<SessionUserNumeric | null>;
+declare function createSessionValidator(auth: Sa2kitAuthInstance): {
+    getSessionUser: (request: Request) => Promise<SessionUser | null>;
+    getSessionUserNumeric: (request: Request) => Promise<SessionUserNumeric | null>;
+};
+
+declare const defaultPhoneValidator: (phoneNumber: string) => boolean;
+declare const defaultTempEmailFromPhone: (phoneNumber: string) => string;
 
-export { UserRole, validateApiAuth, validateApiAuthNumeric };
+export { type Sa2kitAuth, type Sa2kitAuthConfig, type Sa2kitAuthInstance, type Sa2kitEmailProvider, type Sa2kitSmsProvider, type SessionUser, createAuthRouteHandlers, createSa2kitAuth, createSessionValidator, defaultPhoneValidator, defaultTempEmailFromPhone, getSessionUser, getSessionUserNumeric, mountAuthHandler, mountNextAuthHandler };

package/dist/common/auth/server/index.d.ts

@@ -1,33 +1,89 @@
-import { U as UserRole } from '../../../enums-Dume-V5Y.js';
-export { u as userRole } from '../../../enums-Dume-V5Y.js';
-export { Account, NewAccount, NewSession, NewUser, NewVerification, Session, User, Verification, account, accountRelations, session, sessionRelations, user, userRelations, verifications } from '../../../auth/schema/index.js';
-export { a as AuthResult, A as AuthServiceConfig, D as DrizzleAuthService, S as SessionInfo, U as UserInfo, V as VerifyResult } from '../../../drizzle-auth-service-D3qryE_I.js';
-export { JwtPayload, generateToken, getTokenFromRequest, hashPassword, verifyJwtToken, verifyPassword } from '../../../auth/services/index.js';
-import { NextRequest } from 'next/server';
-export { AnalyticsEvent, AnalyticsService, ApiResponse, BaseRouteConfig, LoginRouteConfig, RegisterRouteConfig, createAnalyticsAdapter, createDefaultBaseConfig, createDefaultLoginConfig, createDefaultRegisterConfig, createLoginHandler, createLoginOptionsHandler, createLogoutHandler, createLogoutOptionsHandler, createMeHandler, createMeOptionsHandler, createRegisterHandler, createRegisterOptionsHandler } from '../../../auth/routes/index.js';
-export { AuthLevel, AuthMiddlewareConfig, RouteContext, RouteHandler, createAuthMiddleware } from '../../../auth/middleware/index.js';
-import 'drizzle-orm/pg-core';
+export { Account, NewAccount, NewSession, NewUser, NewVerification, Session, User, Verification, account, accountRelations, authDrizzleSchema, session, sessionRelations, user, userRelations, verification, verifications } from '../schema/index.js';
+export { U as UserRole, u as userRole } from '../../../enums-Dume-V5Y.js';
 import 'drizzle-orm';
+import 'drizzle-orm/pg-core';
 
 /**
- * 验证 API 请求的身份
- * 从请求头中获取 Token 并验证，返回用户信息
+ * sa2kit auth 服务端配置类型（Better Auth 3.0）
  */
-declare function validateApiAuth(request: NextRequest): Promise<{
-    id: string;
-    email: string;
-    username: string | undefined;
-    role: UserRole;
-} | null>;
+type Sa2kitSmsProvider = {
+    sendOTP: (phoneNumber: string, code: string) => void | Promise<void>;
+};
+type Sa2kitEmailProvider = {
+    sendVerificationOTP: (email: string, otp: string, type: string) => void | Promise<void>;
+};
+type Sa2kitAuthConfig = {
+    db: unknown;
+    baseURL: string;
+    secret: string;
+    trustedOrigins?: string[];
+    basePath?: string;
+    sms?: Sa2kitSmsProvider;
+    email?: Sa2kitEmailProvider;
+    phoneNumberValidator?: (phoneNumber: string) => boolean;
+    logOtpInDev?: boolean;
+};
+/** Better Auth 实例（运行时完整 API，类型刻意保持宽松以便跨插件版本） */
+type Sa2kitAuthInstance = {
+    handler: (request: Request) => Promise<Response>;
+    api: {
+        getSession: (ctx: {
+            headers: Headers;
+        }) => Promise<{
+            user: Record<string, unknown>;
+        } | null>;
+        [key: string]: unknown;
+    };
+    [key: string]: unknown;
+};
+type Sa2kitAuth = Sa2kitAuthInstance;
+
+declare function createSa2kitAuth(config: Sa2kitAuthConfig): Sa2kitAuthInstance;
+
+declare function mountNextAuthHandler(auth: Sa2kitAuthInstance): {
+    GET: (request: Request) => Promise<Response>;
+    POST: (request: Request) => Promise<Response>;
+    PATCH: (request: Request) => Promise<Response>;
+    PUT: (request: Request) => Promise<Response>;
+    DELETE: (request: Request) => Promise<Response>;
+};
+
 /**
- * 验证 API 请求的身份（针对使用数字 ID 的项目）
- * 将 string 类型的 userId 转换为 number 类型
+ * Hono / 通用 fetch handler
  */
-declare function validateApiAuthNumeric(request: NextRequest): Promise<{
-    id: number;
+
+declare function mountAuthHandler(auth: Sa2kitAuthInstance): (request: Request) => Promise<Response>;
+declare function createAuthRouteHandlers(auth: Sa2kitAuthInstance): {
+    GET: (request: Request) => Promise<Response>;
+    POST: (request: Request) => Promise<Response>;
+    PUT: (request: Request) => Promise<Response>;
+    PATCH: (request: Request) => Promise<Response>;
+    DELETE: (request: Request) => Promise<Response>;
+};
+
+/**
+ * 从 Request 解析 Better Auth session（替代自研 JWT validateApiAuth）
+ */
+
+type SessionUser = {
+    id: string;
     email: string;
-    username: string | undefined;
-    role: UserRole;
-} | null>;
+    name: string;
+    role?: string;
+    phoneNumber?: string | null;
+};
+declare function getSessionUser(auth: Sa2kitAuthInstance, request: Request): Promise<SessionUser | null>;
+type SessionUserNumeric = Omit<SessionUser, 'id'> & {
+    id: number;
+};
+/** 兼容 numeric id 消费方（legacy calendar 等） */
+declare function getSessionUserNumeric(auth: Sa2kitAuthInstance, request: Request): Promise<SessionUserNumeric | null>;
+declare function createSessionValidator(auth: Sa2kitAuthInstance): {
+    getSessionUser: (request: Request) => Promise<SessionUser | null>;
+    getSessionUserNumeric: (request: Request) => Promise<SessionUserNumeric | null>;
+};
+
+declare const defaultPhoneValidator: (phoneNumber: string) => boolean;
+declare const defaultTempEmailFromPhone: (phoneNumber: string) => string;
 
-export { UserRole, validateApiAuth, validateApiAuthNumeric };
+export { type Sa2kitAuth, type Sa2kitAuthConfig, type Sa2kitAuthInstance, type Sa2kitEmailProvider, type Sa2kitSmsProvider, type SessionUser, createAuthRouteHandlers, createSa2kitAuth, createSessionValidator, defaultPhoneValidator, defaultTempEmailFromPhone, getSessionUser, getSessionUserNumeric, mountAuthHandler, mountNextAuthHandler };

package/dist/common/auth/server/index.js

@@ -1,129 +1,177 @@
 'use strict';
 
-var chunkQ2IAL7YV_js = require('../../../chunk-Q2IAL7YV.js');
-var chunkDCRD5CZB_js = require('../../../chunk-DCRD5CZB.js');
-var chunkJ4BEIZUC_js = require('../../../chunk-J4BEIZUC.js');
-var chunkDV6M7MFP_js = require('../../../chunk-DV6M7MFP.js');
-var chunk5WV35FPV_js = require('../../../chunk-5WV35FPV.js');
+var chunkLGHUCQIU_js = require('../../../chunk-LGHUCQIU.js');
 require('../../../chunk-NSBPE2FW.js');
+var betterAuth = require('better-auth');
+var drizzleAdapter = require('@better-auth/drizzle-adapter');
+var plugins = require('better-auth/plugins');
+var nextJs = require('better-auth/next-js');
 
+// src/common/auth/server/plugins/dev-otp.ts
+function createDevOtpLogger(enabled) {
+  if (!enabled || process.env.NODE_ENV === "production") {
+    return void 0;
+  }
+  return (channel, target, code) => {
+    console.info(`[sa2kit/auth][dev-otp][${channel}] ${target} => ${code}`);
+  };
+}
+var defaultPhoneValidator = (phoneNumber2) => /^1\d{10}$/.test(phoneNumber2);
+var defaultTempEmailFromPhone = (phoneNumber2) => `${phoneNumber2.replace(/\D/g, "")}@phone.sa2kit.local`;
 
+// src/common/auth/server/create-auth.ts
+function createSa2kitAuth(config) {
+  if (!config.secret || config.secret.length < 32) {
+    throw new Error("createSa2kitAuth: secret \u81F3\u5C11 32 \u5B57\u7B26");
+  }
+  const devLog = createDevOtpLogger(config.logOtpInDev ?? process.env.NODE_ENV !== "production");
+  const phoneValidator = config.phoneNumberValidator ?? defaultPhoneValidator;
+  const auth = betterAuth.betterAuth({
+    appName: "sa2kit",
+    baseURL: config.baseURL,
+    basePath: config.basePath ?? "/api/auth",
+    secret: config.secret,
+    trustedOrigins: config.trustedOrigins,
+    database: drizzleAdapter.drizzleAdapter(config.db, {
+      provider: "pg",
+      schema: chunkLGHUCQIU_js.authDrizzleSchema
+    }),
+    emailAndPassword: {
+      enabled: true
+    },
+    user: {
+      additionalFields: {
+        role: {
+          type: "string",
+          required: false,
+          defaultValue: "USER",
+          input: false
+        }
+      }
+    },
+    plugins: [
+      plugins.bearer(),
+      plugins.emailOTP({
+        async sendVerificationOTP({ email, otp, type }) {
+          devLog?.("email", `${email} (${type})`, otp);
+          if (config.email?.sendVerificationOTP) {
+            await config.email.sendVerificationOTP(email, otp, type);
+          }
+        }
+      }),
+      plugins.phoneNumber({
+        allowedAttempts: 5,
+        phoneNumberValidator: phoneValidator,
+        async sendOTP({ phoneNumber: phone, code }) {
+          devLog?.("sms", phone, code);
+          if (config.sms?.sendOTP) {
+            void config.sms.sendOTP(phone, code);
+          }
+        },
+        signUpOnVerification: {
+          getTempEmail: defaultTempEmailFromPhone,
+          getTempName: (phone) => phone
+        }
+      })
+    ]
+  });
+  return auth;
+}
+function mountNextAuthHandler(auth) {
+  return nextJs.toNextJsHandler(auth);
+}
+
+// src/common/auth/server/handler/hono.ts
+function mountAuthHandler(auth) {
+  return (request) => auth.handler(request);
+}
+function createAuthRouteHandlers(auth) {
+  const handler = mountAuthHandler(auth);
+  return {
+    GET: handler,
+    POST: handler,
+    PUT: handler,
+    PATCH: handler,
+    DELETE: handler
+  };
+}
+
+// src/common/auth/server/session.ts
+async function getSessionUser(auth, request) {
+  const session2 = await auth.api.getSession({ headers: request.headers });
+  if (!session2?.user) return null;
+  const user2 = session2.user;
+  return {
+    id: user2.id,
+    email: user2.email,
+    name: user2.name,
+    role: user2.role,
+    phoneNumber: user2.phoneNumber ?? null
+  };
+}
+async function getSessionUserNumeric(auth, request) {
+  const user2 = await getSessionUser(auth, request);
+  if (!user2) return null;
+  const numericId = Number.parseInt(user2.id, 10);
+  if (Number.isNaN(numericId)) return null;
+  const { id: _id, ...rest } = user2;
+  return { ...rest, id: numericId };
+}
+function createSessionValidator(auth) {
+  return {
+    getSessionUser: (request) => getSessionUser(auth, request),
+    getSessionUserNumeric: (request) => getSessionUserNumeric(auth, request)
+  };
+}
 
-Object.defineProperty(exports, "validateApiAuth", {
-  enumerable: true,
-  get: function () { return chunkQ2IAL7YV_js.validateApiAuth; }
-});
-Object.defineProperty(exports, "validateApiAuthNumeric", {
-  enumerable: true,
-  get: function () { return chunkQ2IAL7YV_js.validateApiAuthNumeric; }
-});
-Object.defineProperty(exports, "createAnalyticsAdapter", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createAnalyticsAdapter; }
-});
-Object.defineProperty(exports, "createDefaultBaseConfig", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createDefaultBaseConfig; }
-});
-Object.defineProperty(exports, "createDefaultLoginConfig", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createDefaultLoginConfig; }
-});
-Object.defineProperty(exports, "createDefaultRegisterConfig", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createDefaultRegisterConfig; }
-});
-Object.defineProperty(exports, "createLoginHandler", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createLoginHandler; }
-});
-Object.defineProperty(exports, "createLoginOptionsHandler", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createLoginOptionsHandler; }
-});
-Object.defineProperty(exports, "createLogoutHandler", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createLogoutHandler; }
-});
-Object.defineProperty(exports, "createLogoutOptionsHandler", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createLogoutOptionsHandler; }
-});
-Object.defineProperty(exports, "createMeHandler", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createMeHandler; }
-});
-Object.defineProperty(exports, "createMeOptionsHandler", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createMeOptionsHandler; }
-});
-Object.defineProperty(exports, "createRegisterHandler", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createRegisterHandler; }
-});
-Object.defineProperty(exports, "createRegisterOptionsHandler", {
-  enumerable: true,
-  get: function () { return chunkDCRD5CZB_js.createRegisterOptionsHandler; }
-});
-Object.defineProperty(exports, "createAuthMiddleware", {
-  enumerable: true,
-  get: function () { return chunkJ4BEIZUC_js.createAuthMiddleware; }
-});
-Object.defineProperty(exports, "DrizzleAuthService", {
-  enumerable: true,
-  get: function () { return chunkDV6M7MFP_js.DrizzleAuthService; }
-});
-Object.defineProperty(exports, "generateToken", {
-  enumerable: true,
-  get: function () { return chunkDV6M7MFP_js.generateToken; }
-});
-Object.defineProperty(exports, "getTokenFromRequest", {
-  enumerable: true,
-  get: function () { return chunkDV6M7MFP_js.getTokenFromRequest; }
-});
-Object.defineProperty(exports, "hashPassword", {
-  enumerable: true,
-  get: function () { return chunkDV6M7MFP_js.hashPassword; }
-});
-Object.defineProperty(exports, "verifyJwtToken", {
-  enumerable: true,
-  get: function () { return chunkDV6M7MFP_js.verifyJwtToken; }
-});
-Object.defineProperty(exports, "verifyPassword", {
-  enumerable: true,
-  get: function () { return chunkDV6M7MFP_js.verifyPassword; }
-});
 Object.defineProperty(exports, "account", {
   enumerable: true,
-  get: function () { return chunk5WV35FPV_js.account; }
+  get: function () { return chunkLGHUCQIU_js.account; }
 });
 Object.defineProperty(exports, "accountRelations", {
   enumerable: true,
-  get: function () { return chunk5WV35FPV_js.accountRelations; }
+  get: function () { return chunkLGHUCQIU_js.accountRelations; }
+});
+Object.defineProperty(exports, "authDrizzleSchema", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.authDrizzleSchema; }
 });
 Object.defineProperty(exports, "session", {
   enumerable: true,
-  get: function () { return chunk5WV35FPV_js.session; }
+  get: function () { return chunkLGHUCQIU_js.session; }
 });
 Object.defineProperty(exports, "sessionRelations", {
   enumerable: true,
-  get: function () { return chunk5WV35FPV_js.sessionRelations; }
+  get: function () { return chunkLGHUCQIU_js.sessionRelations; }
 });
 Object.defineProperty(exports, "user", {
   enumerable: true,
-  get: function () { return chunk5WV35FPV_js.user; }
+  get: function () { return chunkLGHUCQIU_js.user; }
 });
 Object.defineProperty(exports, "userRelations", {
   enumerable: true,
-  get: function () { return chunk5WV35FPV_js.userRelations; }
+  get: function () { return chunkLGHUCQIU_js.userRelations; }
 });
 Object.defineProperty(exports, "userRole", {
   enumerable: true,
-  get: function () { return chunk5WV35FPV_js.userRole; }
+  get: function () { return chunkLGHUCQIU_js.userRole; }
 });
-Object.defineProperty(exports, "verifications", {
+Object.defineProperty(exports, "verification", {
   enumerable: true,
-  get: function () { return chunk5WV35FPV_js.verifications; }
+  get: function () { return chunkLGHUCQIU_js.verification; }
 });
+Object.defineProperty(exports, "verifications", {
+  enumerable: true,
+  get: function () { return chunkLGHUCQIU_js.verifications; }
+});
+exports.createAuthRouteHandlers = createAuthRouteHandlers;
+exports.createSa2kitAuth = createSa2kitAuth;
+exports.createSessionValidator = createSessionValidator;
+exports.defaultPhoneValidator = defaultPhoneValidator;
+exports.defaultTempEmailFromPhone = defaultTempEmailFromPhone;
+exports.getSessionUser = getSessionUser;
+exports.getSessionUserNumeric = getSessionUserNumeric;
+exports.mountAuthHandler = mountAuthHandler;
+exports.mountNextAuthHandler = mountNextAuthHandler;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/common/auth/server/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"index.js"}
+{"version":3,"sources":["../../../../src/common/auth/server/plugins/dev-otp.ts","../../../../src/common/auth/server/create-auth.ts","../../../../src/common/auth/server/handler/next.ts","../../../../src/common/auth/server/handler/hono.ts","../../../../src/common/auth/server/session.ts"],"names":["phoneNumber","betterAuth","drizzleAdapter","authDrizzleSchema","bearer","emailOTP","toNextJsHandler","session","user"],"mappings":";;;;;;;;;;AAGO,SAAS,mBAAmB,OAAA,EAAkB;AACnD,EAAA,IAAI,CAAC,OAAA,IAAW,OAAA,CAAQ,GAAA,CAAI,aAAa,YAAA,EAAc;AACrD,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,CAAC,OAAA,EAA0B,MAAA,EAAgB,IAAA,KAAiB;AACjE,IAAA,OAAA,CAAQ,KAAK,CAAA,uBAAA,EAA0B,OAAO,KAAK,MAAM,CAAA,IAAA,EAAO,IAAI,CAAA,CAAE,CAAA;AAAA,EACxE,CAAA;AACF;AAEO,IAAM,qBAAA,GAAwB,CAACA,YAAAA,KAAwB,WAAA,CAAY,KAAKA,YAAW;AAEnF,IAAM,yBAAA,GAA4B,CAACA,YAAAA,KACxC,CAAA,EAAGA,aAAY,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAC,CAAA,mBAAA;;;ACG5B,SAAS,iBAAiB,MAAA,EAA8C;AAC7E,EAAA,IAAI,CAAC,MAAA,CAAO,MAAA,IAAU,MAAA,CAAO,MAAA,CAAO,SAAS,EAAA,EAAI;AAC/C,IAAA,MAAM,IAAI,MAAM,uDAAmC,CAAA;AAAA,EACrD;AAEA,EAAA,MAAM,SAAS,kBAAA,CAAmB,MAAA,CAAO,eAAe,OAAA,CAAQ,GAAA,CAAI,aAAa,YAAY,CAAA;AAC7F,EAAA,MAAM,cAAA,GAAiB,OAAO,oBAAA,IAAwB,qBAAA;AAEtD,EAAA,MAAM,OAAOC,qBAAA,CAAW;AAAA,IACtB,OAAA,EAAS,QAAA;AAAA,IACT,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,QAAA,EAAU,OAAO,QAAA,IAAY,WAAA;AAAA,IAC7B,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,gBAAgB,MAAA,CAAO,cAAA;AAAA,IACvB,QAAA,EAAUC,6BAAA,CAAe,MAAA,CAAO,EAAA,EAAa;AAAA,MAC3C,QAAA,EAAU,IAAA;AAAA,MACV,MAAA,EAAQC;AAAA,KACT,CAAA;AAAA,IACD,gBAAA,EAAkB;AAAA,MAChB,OAAA,EAAS;AAAA,KACX;AAAA,IACA,IAAA,EAAM;AAAA,MACJ,gBAAA,EAAkB;AAAA,QAChB,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,QAAA;AAAA,UACN,QAAA,EAAU,KAAA;AAAA,UACV,YAAA,EAAc,MAAA;AAAA,UACd,KAAA,EAAO;AAAA;AACT;AACF,KACF;AAAA,IACA,OAAA,EAAS;AAAA,MACPC,cAAA,EAAO;AAAA,MACPC,gBAAA,CAAS;AAAA,QACP,MAAM,mBAAA,CAAoB,EAAE,KAAA,EAAO,GAAA,EAAK,MAAK,EAAG;AAC9C,UAAA,MAAA,GAAS,SAAS,CAAA,EAAG,KAAK,CAAA,EAAA,EAAK,IAAI,KAAK,GAAG,CAAA;AAC3C,UAAA,IAAI,MAAA,CAAO,OAAO,mBAAA,EAAqB;AACrC,YAAA,MAAM,MAAA,CAAO,KAAA,CAAM,mBAAA,CAAoB,KAAA,EAAO,KAAK,IAAI,CAAA;AAAA,UACzD;AAAA,QACF;AAAA,OACD,CAAA;AAAA,MACDL,mBAAA,CAAY;AAAA,QACV,eAAA,EAAiB,CAAA;AAAA,QACjB,oBAAA,EAAsB,cAAA;AAAA,QACtB,MAAM,OAAA,CAAQ,EAAE,WAAA,EAAa,KAAA,EAAO,MAAK,EAAG;AAC1C,UAAA,MAAA,GAAS,KAAA,EAAO,OAAO,IAAI,CAAA;AAC3B,UAAA,IAAI,MAAA,CAAO,KAAK,OAAA,EAAS;AACvB,YAAA,KAAK,MAAA,CAAO,GAAA,CAAI,OAAA,CAAQ,KAAA,EAAO,IAAI,CAAA;AAAA,UACrC;AAAA,QACF,CAAA;AAAA,QACA,oBAAA,EAAsB;AAAA,UACpB,YAAA,EAAc,yBAAA;AAAA,UACd,WAAA,EAAa,CAAC,KAAA,KAAU;AAAA;AAC1B,OACD;AAAA;AACH,GACD,CAAA;AAED,EAAA,OAAO,IAAA;AACT;ACvEO,SAAS,qBAAqB,IAAA,EAA0B;AAC7D,EAAA,OAAOM,uBAAgB,IAAI,CAAA;AAC7B;;;ACHO,SAAS,iBAAiB,IAAA,EAA0B;AACzD,EAAA,OAAO,CAAC,OAAA,KAAqB,IAAA,CAAK,OAAA,CAAQ,OAAO,CAAA;AACnD;AAEO,SAAS,wBAAwB,IAAA,EAA0B;AAChE,EAAA,MAAM,OAAA,GAAU,iBAAiB,IAAI,CAAA;AACrC,EAAA,OAAO;AAAA,IACL,GAAA,EAAK,OAAA;AAAA,IACL,IAAA,EAAM,OAAA;AAAA,IACN,GAAA,EAAK,OAAA;AAAA,IACL,KAAA,EAAO,OAAA;AAAA,IACP,MAAA,EAAQ;AAAA,GACV;AACF;;;ACLA,eAAsB,cAAA,CACpB,MACA,OAAA,EAC6B;AAC7B,EAAA,MAAMC,QAAAA,GAAU,MAAM,IAAA,CAAK,GAAA,CAAI,WAAW,EAAE,OAAA,EAAS,OAAA,CAAQ,OAAA,EAAS,CAAA;AACtE,EAAA,IAAI,CAACA,QAAAA,EAAS,IAAA,EAAM,OAAO,IAAA;AAE3B,EAAA,MAAMC,QAAOD,QAAAA,CAAQ,IAAA;AACrB,EAAA,OAAO;AAAA,IACL,IAAIC,KAAAA,CAAK,EAAA;AAAA,IACT,OAAOA,KAAAA,CAAK,KAAA;AAAA,IACZ,MAAMA,KAAAA,CAAK,IAAA;AAAA,IACX,MAAMA,KAAAA,CAAK,IAAA;AAAA,IACX,WAAA,EAAcA,MAAyC,WAAA,IAAe;AAAA,GACxE;AACF;AAKA,eAAsB,qBAAA,CACpB,MACA,OAAA,EACoC;AACpC,EAAA,MAAMA,KAAAA,GAAO,MAAM,cAAA,CAAe,IAAA,EAAM,OAAO,CAAA;AAC/C,EAAA,IAAI,CAACA,OAAM,OAAO,IAAA;AAClB,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,QAAA,CAASA,KAAAA,CAAK,IAAI,EAAE,CAAA;AAC7C,EAAA,IAAI,MAAA,CAAO,KAAA,CAAM,SAAS,CAAA,EAAG,OAAO,IAAA;AACpC,EAAA,MAAM,EAAE,EAAA,EAAI,GAAA,EAAK,GAAG,MAAK,GAAIA,KAAAA;AAC7B,EAAA,OAAO,EAAE,GAAG,IAAA,EAAM,EAAA,EAAI,SAAA,EAAU;AAClC;AAEO,SAAS,uBAAuB,IAAA,EAA0B;AAC/D,EAAA,OAAO;AAAA,IACL,cAAA,EAAgB,CAAC,OAAA,KAAqB,cAAA,CAAe,MAAM,OAAO,CAAA;AAAA,IAClE,qBAAA,EAAuB,CAAC,OAAA,KAAqB,qBAAA,CAAsB,MAAM,OAAO;AAAA,GAClF;AACF","file":"index.js","sourcesContent":["/**\n * 开发 / 测试环境 OTP 输出（禁止生产依赖）\n */\nexport function createDevOtpLogger(enabled: boolean) {\n  if (!enabled || process.env.NODE_ENV === 'production') {\n    return undefined;\n  }\n  return (channel: 'sms' | 'email', target: string, code: string) => {\n    console.info(`[sa2kit/auth][dev-otp][${channel}] ${target} => ${code}`);\n  };\n}\n\nexport const defaultPhoneValidator = (phoneNumber: string) => /^1\\d{10}$/.test(phoneNumber);\n\nexport const defaultTempEmailFromPhone = (phoneNumber: string) =>\n  `${phoneNumber.replace(/\\D/g, '')}@phone.sa2kit.local`;\n","/**\n * Better Auth 服务端工厂（sa2kit 3.0 SSOT）\n */\nimport { betterAuth } from 'better-auth';\nimport { drizzleAdapter } from '@better-auth/drizzle-adapter';\nimport { emailOTP } from 'better-auth/plugins';\nimport { phoneNumber } from 'better-auth/plugins';\nimport { bearer } from 'better-auth/plugins';\nimport { authDrizzleSchema } from '../schema';\nimport type { Sa2kitAuthConfig, Sa2kitAuthInstance } from './types';\nimport {\n  createDevOtpLogger,\n  defaultPhoneValidator,\n  defaultTempEmailFromPhone,\n} from './plugins/dev-otp';\n\nexport type { Sa2kitAuthInstance } from './types';\n\nexport function createSa2kitAuth(config: Sa2kitAuthConfig): Sa2kitAuthInstance {\n  if (!config.secret || config.secret.length < 32) {\n    throw new Error('createSa2kitAuth: secret 至少 32 字符');\n  }\n\n  const devLog = createDevOtpLogger(config.logOtpInDev ?? process.env.NODE_ENV !== 'production');\n  const phoneValidator = config.phoneNumberValidator ?? defaultPhoneValidator;\n\n  const auth = betterAuth({\n    appName: 'sa2kit',\n    baseURL: config.baseURL,\n    basePath: config.basePath ?? '/api/auth',\n    secret: config.secret,\n    trustedOrigins: config.trustedOrigins,\n    database: drizzleAdapter(config.db as never, {\n      provider: 'pg',\n      schema: authDrizzleSchema,\n    }),\n    emailAndPassword: {\n      enabled: true,\n    },\n    user: {\n      additionalFields: {\n        role: {\n          type: 'string',\n          required: false,\n          defaultValue: 'USER',\n          input: false,\n        },\n      },\n    },\n    plugins: [\n      bearer(),\n      emailOTP({\n        async sendVerificationOTP({ email, otp, type }) {\n          devLog?.('email', `${email} (${type})`, otp);\n          if (config.email?.sendVerificationOTP) {\n            await config.email.sendVerificationOTP(email, otp, type);\n          }\n        },\n      }),\n      phoneNumber({\n        allowedAttempts: 5,\n        phoneNumberValidator: phoneValidator,\n        async sendOTP({ phoneNumber: phone, code }) {\n          devLog?.('sms', phone, code);\n          if (config.sms?.sendOTP) {\n            void config.sms.sendOTP(phone, code);\n          }\n        },\n        signUpOnVerification: {\n          getTempEmail: defaultTempEmailFromPhone,\n          getTempName: (phone) => phone,\n        },\n      }),\n    ],\n  }) as unknown as Sa2kitAuthInstance;\n\n  return auth;\n}\n","/**\n * Next.js App Router handler 挂载\n */\nimport { toNextJsHandler } from 'better-auth/next-js';\nimport type { Sa2kitAuthInstance } from '../create-auth';\n\nexport function mountNextAuthHandler(auth: Sa2kitAuthInstance) {\n  return toNextJsHandler(auth);\n}\n","/**\n * Hono / 通用 fetch handler\n */\nimport type { Sa2kitAuthInstance } from '../create-auth';\n\nexport function mountAuthHandler(auth: Sa2kitAuthInstance) {\n  return (request: Request) => auth.handler(request);\n}\n\nexport function createAuthRouteHandlers(auth: Sa2kitAuthInstance) {\n  const handler = mountAuthHandler(auth);\n  return {\n    GET: handler,\n    POST: handler,\n    PUT: handler,\n    PATCH: handler,\n    DELETE: handler,\n  };\n}\n","/**\n * 从 Request 解析 Better Auth session（替代自研 JWT validateApiAuth）\n */\nimport type { Sa2kitAuthInstance } from './types';\n\nexport type SessionUser = {\n  id: string;\n  email: string;\n  name: string;\n  role?: string;\n  phoneNumber?: string | null;\n};\n\nexport async function getSessionUser(\n  auth: Sa2kitAuthInstance,\n  request: Request,\n): Promise<SessionUser | null> {\n  const session = await auth.api.getSession({ headers: request.headers });\n  if (!session?.user) return null;\n\n  const user = session.user as SessionUser & { role?: string };\n  return {\n    id: user.id,\n    email: user.email,\n    name: user.name,\n    role: user.role,\n    phoneNumber: (user as { phoneNumber?: string | null }).phoneNumber ?? null,\n  };\n}\n\nexport type SessionUserNumeric = Omit<SessionUser, 'id'> & { id: number };\n\n/** 兼容 numeric id 消费方（legacy calendar 等） */\nexport async function getSessionUserNumeric(\n  auth: Sa2kitAuthInstance,\n  request: Request,\n): Promise<SessionUserNumeric | null> {\n  const user = await getSessionUser(auth, request);\n  if (!user) return null;\n  const numericId = Number.parseInt(user.id, 10);\n  if (Number.isNaN(numericId)) return null;\n  const { id: _id, ...rest } = user;\n  return { ...rest, id: numericId };\n}\n\nexport function createSessionValidator(auth: Sa2kitAuthInstance) {\n  return {\n    getSessionUser: (request: Request) => getSessionUser(auth, request),\n    getSessionUserNumeric: (request: Request) => getSessionUserNumeric(auth, request),\n  };\n}\n"]}