import { BetterAuthDBSchema, ModelNames, SecondaryStorage } from "../db/type.mjs"; import { Account } from "../db/schema/account.mjs"; import { Session } from "../db/schema/session.mjs"; import { User } from "../db/schema/user.mjs"; import { Verification } from "../db/schema/verification.mjs"; import "../db/index.mjs"; import { Awaitable } from "./helper.mjs"; import { DBAdapter, Where } from "../db/adapter/index.mjs"; import { createLogger } from "../env/logger.mjs"; import { OAuthProvider } from "../oauth2/oauth-provider.mjs"; import "../oauth2/index.mjs"; import { BetterAuthCookie, BetterAuthCookies } from "./cookie.mjs"; import { BetterAuthPlugin } from "./plugin.mjs"; import { BetterAuthOptions, BetterAuthRateLimitOptions } from "./init-options.mjs"; import { CookieOptions, EndpointContext } from "better-call"; //#region src/types/context.d.ts type GenericEndpointContext = EndpointContext & { context: AuthContext; }; interface InternalAdapter<_Options extends BetterAuthOptions = BetterAuthOptions> { createOAuthUser(user: Omit, account: Omit & Partial): Promise<{ user: User; account: Account; }>; createUser>(user: Omit & Partial & Record): Promise; createAccount>(account: Omit & Partial & T): Promise; listSessions(userId: string): Promise; listUsers(limit?: number | undefined, offset?: number | undefined, sortBy?: { field: string; direction: "asc" | "desc"; } | undefined, where?: Where[] | undefined): Promise; countTotalUsers(where?: Where[] | undefined): Promise; deleteUser(userId: string): Promise; createSession(userId: string, dontRememberMe?: boolean | undefined, override?: (Partial & Record) | undefined, overrideAll?: boolean | undefined): Promise; findSession(token: string): Promise<{ session: Session & Record; user: User & Record; } | null>; findSessions(sessionTokens: string[]): Promise<{ session: Session; user: User; }[]>; updateSession(sessionToken: string, session: Partial & Record): Promise; deleteSession(token: string): Promise; deleteAccounts(userId: string): Promise; deleteAccount(accountId: string): Promise; deleteSessions(userIdOrSessionTokens: string | string[]): Promise; findOAuthUser(email: string, accountId: string, providerId: string): Promise<{ user: User; linkedAccount: Account | null; accounts: Account[]; } | null>; findUserByEmail(email: string, options?: { includeAccounts: boolean; } | undefined): Promise<{ user: User; accounts: Account[]; } | null>; findUserById(userId: string): Promise; linkAccount(account: Omit & Partial): Promise; updateUser>(userId: string, data: Partial & Record): Promise; updateUserByEmail>(email: string, data: Partial>): Promise; updatePassword(userId: string, password: string): Promise; findAccounts(userId: string): Promise; findAccount(accountId: string): Promise; findAccountByProviderId(accountId: string, providerId: string): Promise; findAccountByUserId(userId: string): Promise; updateAccount(id: string, data: Partial): Promise; createVerificationValue(data: Omit & Partial): Promise; findVerificationValue(identifier: string): Promise; deleteVerificationValue(id: string): Promise; deleteVerificationByIdentifier(identifier: string): Promise; updateVerificationValue(id: string, data: Partial): Promise; } type CreateCookieGetterFn = (cookieName: string, overrideAttributes?: Partial | undefined) => BetterAuthCookie; type CheckPasswordFn = (userId: string, ctx: GenericEndpointContext) => Promise; type PluginContext = { getPlugin: (pluginId: Plugin["id"]) => Plugin | null; }; type InfoContext = { appName: string; baseURL: string; version: string; }; type AuthContext = PluginContext & InfoContext & { options: Options; appName: string; baseURL: string; trustedOrigins: string[]; /** * Verifies whether url is a trusted origin according to the "trustedOrigins" configuration * @param url The url to verify against the "trustedOrigins" configuration * @param settings Specify supported pattern matching settings * @returns {boolean} true if the URL matches the origin pattern, false otherwise. */ isTrustedOrigin: (url: string, settings?: { allowRelativePaths: boolean; }) => boolean; oauthConfig: { /** * This is dangerous and should only be used in dev or staging environments. */ skipStateCookieCheck?: boolean | undefined; /** * Strategy for storing OAuth state * * - "cookie": Store state in an encrypted cookie (stateless) * - "database": Store state in the database * * @default "cookie" */ storeStateStrategy: "database" | "cookie"; }; /** * New session that will be set after the request * meaning: there is a `set-cookie` header that will set * the session cookie. This is the fetched session. And it's set * by `setNewSession` method. */ newSession: { session: Session & Record; user: User & Record; } | null; session: { session: Session & Record; user: User & Record; } | null; setNewSession: (session: { session: Session & Record; user: User & Record; } | null) => void; socialProviders: OAuthProvider[]; authCookies: BetterAuthCookies; logger: ReturnType; rateLimit: { enabled: boolean; window: number; max: number; storage: "memory" | "database" | "secondary-storage"; } & Omit; adapter: DBAdapter; internalAdapter: InternalAdapter; createAuthCookie: CreateCookieGetterFn; secret: string; sessionConfig: { updateAge: number; expiresIn: number; freshAge: number; cookieRefreshCache: false | { enabled: true; updateAge: number; }; }; generateId: (options: { model: ModelNames; size?: number | undefined; }) => string | false; secondaryStorage: SecondaryStorage | undefined; password: { hash: (password: string) => Promise; verify: (data: { password: string; hash: string; }) => Promise; config: { minPasswordLength: number; maxPasswordLength: number; }; checkPassword: CheckPasswordFn; }; tables: BetterAuthDBSchema; runMigrations: () => Promise; publishTelemetry: (event: { type: string; anonymousId?: string | undefined; payload: Record; }) => Promise; /** * Skip origin check for requests. * * - `true`: Skip for ALL requests (DANGEROUS - disables CSRF protection) * - `string[]`: Skip only for specific paths (e.g., SAML callbacks) * - `false`: Enable origin check (default) * * Paths support prefix matching (e.g., "/sso/saml2/callback" matches * "/sso/saml2/callback/provider-name"). * * @default false (true in test environments) */ skipOriginCheck: boolean | string[]; /** * This skips the CSRF check for all requests. * * This is inferred from the `options.advanced?. * disableCSRFCheck` option. * * @default false */ skipCSRFCheck: boolean; /** * Background task handler for deferred operations. * * This is inferred from the `options.advanced?.backgroundTasks?.handler` option. * Defaults to a no-op that just runs the promise. */ runInBackground: (promise: Promise) => void; /** * Runs a task in the background if `runInBackground` is configured, * otherwise awaits the task directly. * * This is useful for operations like sending emails where we want * to avoid blocking the response when possible (for timing attack * mitigation), but still ensure the operation completes. */ runInBackgroundOrAwait: (promise: Promise | void) => Awaitable; }; //#endregion export { AuthContext, GenericEndpointContext, InfoContext, InternalAdapter, PluginContext }; //# sourceMappingURL=context.d.mts.map