ref: client

2025-12-06 12:27:44 +00:00 · 2024-08-21 10:20:24 +03:00
parent 82ad3399ab
commit 4fe9e8f589
10 changed files with 308 additions and 102 deletions
--- a/dev/next-app/src/lib/auth.ts
+++ b/dev/next-app/src/lib/auth.ts
@@ -1,5 +1,5 @@
 import { betterAuth } from "better-auth";
-import { github } from "better-auth/provider";
+import { github, passkey } from "better-auth/provider";
 import { organization } from "better-auth/plugins";

 export const auth = betterAuth({
@@ -9,6 +9,10 @@ export const auth = betterAuth({
 			clientId: process.env.GITHUB_CLIENT_ID as string,
 			clientSecret: process.env.GITHUB_CLIENT_SECRET as string,
 		}),
+		passkey({
+			rpID: "localhost",
+			rpName: "Better Auth",
+		}),
 	],
 	database: {
 		provider: "sqlite",
@@ -18,5 +22,4 @@ export const auth = betterAuth({
 	emailAndPassword: {
 		enabled: true,
 	},
-	plugins: [organization()],
 });
--- a/packages/better-auth/package.json
+++ b/packages/better-auth/package.json
@@ -44,6 +44,7 @@
        "@nanostores/react": "^0.7.3",
        "@nanostores/solid": "^0.4.2",
        "@paralleldrive/cuid2": "^2.2.2",
+        "@simplewebauthn/browser": "^10.0.0",
        "@simplewebauthn/server": "^10.0.1",
        "arctic": "^1.9.2",
        "better-call": "^0.1.20",
--- a/packages/better-auth/src/client/index.ts
+++ b/packages/better-auth/src/client/index.ts
@@ -1,6 +1,12 @@
 import { ClientOptions } from "./base";
 import { BetterAuth } from "../auth";
-import { InferActions } from "./type";
+import {
+	InferActions,
+	InferredActions,
+	PickDefaultPaths,
+	PickOrganizationPaths,
+	PickProvidePaths,
+} from "./type";
 import { getProxy } from "./proxy";
 import { createClient } from "better-call/client";
 import {
@@ -14,17 +20,31 @@ import {
 	CustomProvider,
 	OAuthProvider,
 	OAuthProviderList,
+	Provider,
 } from "../types/provider";
 import { UnionToIntersection } from "../types/helper";
 import { Prettify } from "better-call";
 import { atom, computed, task } from "nanostores";
-import { FieldAttribute, InferFieldOutput, InferValueType } from "../db";
+import { FieldAttribute, InferFieldOutput } from "../db";
 import { Session, User } from "../adapters/schema";
 import {
 	Invitation,
 	Member,
 	Organization,
 } from "../plugins/organization/schema";
+import {
+	PublicKeyCredentialCreationOptionsJSON,
+	PublicKeyCredentialRequestOptionsJSON,
+} from "@simplewebauthn/types";
+import {
+	startAuthentication,
+	startRegistration,
+	WebAuthnError,
+} from "@simplewebauthn/browser";
+import { Passkey } from "../providers/passkey";
+import { getSessionAtom } from "./session-atom";
+import { getOrganizationAtoms } from "./org-atoms";
+import { getPasskeyActions } from "./passkey-actions";

 const redirectPlugin = {
 	id: "redirect",
@@ -108,16 +128,19 @@ export const createAuthClient = <Auth extends BetterAuth = BetterAuth>(
 	options?: ClientOptions,
 ) => {
 	type API = BetterAuth["api"];
+
 	const client = createClient<API>({
 		...options,
 		baseURL: options?.baseURL || inferBaeURL(),
 		plugins: [redirectPlugin, addCurrentURL, csrfPlugin],
 	});
+
 	const $fetch = createFetch({
 		...options,
 		baseURL: options?.baseURL || inferBaeURL(),
 		plugins: [redirectPlugin, addCurrentURL, csrfPlugin],
 	});
+
 	const signInOAuth = async (data: {
 		provider: Auth["options"]["providers"] extends Array<infer T>
 			? T extends OAuthProvider
@@ -135,101 +158,10 @@ export const createAuthClient = <Auth extends BetterAuth = BetterAuth>(
 		return res;
 	};

-	type ProviderEndpoint = UnionToIntersection<
-		Auth["options"]["providers"] extends Array<infer T>
-			? T extends CustomProvider
-				? T["endpoints"]
-				: {}
-			: {}
-	>;
-	type Actions = ProviderEndpoint & Auth["api"];
-
-	type ExcludeCredentialPaths = Auth["options"]["emailAndPassword"] extends {
-		enabled: true;
-	}
-		? ""
-		: "signUpCredential" | "signInCredential";
-	type OrganizationPaths = "$activeOrganization" | "setActiveOrg";
-	type ExcludeOrganizationPaths = Auth["options"]["plugins"] extends Array<
-		infer T
-	>
-		? T extends {
-				id: "organization";
-			}
-			? ""
-			: OrganizationPaths
-		: OrganizationPaths;
-	type ExcludedPaths =
-		| "signinOauth"
-		| "signUpOauth"
-		| "callback"
-		| "session"
-		| ExcludeCredentialPaths
-		| ExcludeOrganizationPaths;
-
-	const $signal = atom<boolean>(false);
-	const $listOrg = atom<boolean>(false);
-	const activeOrgId = atom<string | null>(null);
-	type AdditionalSessionFields = Auth["options"]["plugins"] extends Array<
-		infer T
-	>
-		? T extends {
-				schema: {
-					session: {
-						fields: infer Field;
-					};
-				};
-			}
-			? Field extends Record<string, FieldAttribute>
-				? InferFieldOutput<Field>
-				: {}
-			: {}
-		: {};
-
-	const $session = computed($signal, () =>
-		task(async () => {
-			const session = await client("/session", {
-				credentials: "include",
-				method: "GET",
-			});
-			return session.data as {
-				user: User;
-				session: Prettify<Session & AdditionalSessionFields>;
-			} | null;
-		}),
-	);
-	const $activeOrganization = computed(activeOrgId, () =>
-		task(async () => {
-			if (!activeOrgId.get()) {
-				return null;
-			}
-			const session = $session.get();
-			if (!session) {
-				return null;
-			}
-			const organization = await $fetch<
-				Prettify<
-					Organization & {
-						members: Member[];
-						invitations: Invitation[];
-					}
-				>
-			>("/organization/full", {
-				method: "GET",
-				credentials: "include",
-			});
-			return organization.data;
-		}),
-	);
-
-	const $listOrganizations = computed($listOrg, () =>
-		task(async () => {
-			const organizations = await $fetch<Organization[]>("/list/organization", {
-				method: "GET",
-			});
-			return organizations.data;
-		}),
-	);
+	const { $session } = getSessionAtom<Auth>($fetch);
+	const { signInPasskey, signUpPasskey } = getPasskeyActions($fetch);
+	const { $activeOrganization, $listOrganizations, activeOrgId, $listOrg } =
+		getOrganizationAtoms<Auth>($fetch, $session);

 	const actions = {
 		signInOAuth,
@@ -239,10 +171,19 @@ export const createAuthClient = <Auth extends BetterAuth = BetterAuth>(
 		setActiveOrg: (orgId: string | null) => {
 			activeOrgId.set(orgId);
 		},
+		signInPasskey,
+		signUpPasskey,
 	};

+	type PickedActions = Pick<
+		typeof actions,
+		| PickOrganizationPaths<Auth>
+		| PickDefaultPaths
+		| PickProvidePaths<"passkey", "signInPasskey" | "signUpPasskey", Auth>
+	>;
+
 	const proxy = getProxy(actions, client as BetterFetch, {
 		"create/organization": $listOrg,
-	}) as Prettify<Omit<InferActions<Actions>, ExcludedPaths>> & typeof actions;
+	}) as InferredActions<Auth> & PickedActions;
 	return proxy;
 };
--- a/packages/better-auth/src/client/org-atoms.ts
+++ b/packages/better-auth/src/client/org-atoms.ts
@@ -0,0 +1,56 @@
+import { BetterFetch } from "@better-fetch/fetch";
+import { BetterAuth } from "../auth";
+import { Atom, atom, computed, task } from "nanostores";
+import { Prettify } from "../types/helper";
+import {
+	Invitation,
+	Member,
+	Organization,
+} from "../plugins/organization/schema";
+
+export function getOrganizationAtoms<Auth extends BetterAuth>(
+	$fetch: BetterFetch,
+	$session: Atom,
+) {
+	const $listOrg = atom<boolean>(false);
+	const activeOrgId = atom<string | null>(null);
+	const $activeOrganization = computed(activeOrgId, () =>
+		task(async () => {
+			if (!activeOrgId.get()) {
+				return null;
+			}
+			const session = $session.get();
+			if (!session) {
+				return null;
+			}
+			const organization = await $fetch<
+				Prettify<
+					Organization & {
+						members: Member[];
+						invitations: Invitation[];
+					}
+				>
+			>("/organization/full", {
+				method: "GET",
+				credentials: "include",
+			});
+			return organization.data;
+		}),
+	);
+
+	const $listOrganizations = computed($listOrg, () =>
+		task(async () => {
+			const organizations = await $fetch<Organization[]>("/list/organization", {
+				method: "GET",
+			});
+			return organizations.data;
+		}),
+	);
+
+	return {
+		$listOrganizations,
+		$activeOrganization,
+		activeOrgId,
+		$listOrg,
+	};
+}
--- a/packages/better-auth/src/client/passkey-actions.ts
+++ b/packages/better-auth/src/client/passkey-actions.ts
@@ -0,0 +1,94 @@
+import { BetterFetch } from "@better-fetch/fetch";
+import {
+	startAuthentication,
+	startRegistration,
+	WebAuthnError,
+} from "@simplewebauthn/browser";
+import {
+	PublicKeyCredentialCreationOptionsJSON,
+	PublicKeyCredentialRequestOptionsJSON,
+} from "@simplewebauthn/types";
+import { Session } from "inspector";
+import { User } from "../adapters/schema";
+import { Passkey } from "../providers";
+
+export const getPasskeyActions = ($fetch: BetterFetch) => {
+	const signInPasskey = async (opts?: {
+		autoFill?: boolean;
+	}) => {
+		const response = await $fetch<PublicKeyCredentialRequestOptionsJSON>(
+			"/passkey/generate-authenticate-options",
+			{
+				method: "GET",
+			},
+		);
+		if (!response.data) {
+			return response;
+		}
+		try {
+			const res = await startAuthentication(
+				response.data,
+				opts?.autoFill || false,
+			);
+			const verified = await $fetch<{
+				session: Session;
+				user: User;
+			}>("/passkey/verify", {
+				body: {
+					response: res,
+					type: "authenticate",
+				},
+			});
+			if (!verified.data) {
+				return verified;
+			}
+		} catch (e) {
+			console.log(e);
+		}
+	};
+
+	const signUpPasskey = async (opts?: {
+		autoFill?: boolean;
+	}) => {
+		const options = await $fetch<PublicKeyCredentialCreationOptionsJSON>(
+			"/passkey/generate-register-options",
+			{
+				method: "GET",
+			},
+		);
+		if (!options.data) {
+			return options;
+		}
+		try {
+			const res = await startRegistration(options.data);
+			const verified = await $fetch<{
+				passkey: Passkey;
+			}>("/passkey/verify", {
+				body: {
+					response: res,
+					type: "register",
+				},
+			});
+			if (!verified.data) {
+				return verified;
+			}
+		} catch (e) {
+			if (e instanceof WebAuthnError) {
+				if (e.code === "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED") {
+					return {
+						data: null,
+						error: {
+							message: "previously registered",
+							status: 400,
+							statusText: "BAD_REQUEST",
+						},
+					};
+				}
+			}
+		}
+	};
+	return {
+		signInPasskey,
+		signUpPasskey,
+	};
+};
--- a/packages/better-auth/src/client/session-atom.ts
+++ b/packages/better-auth/src/client/session-atom.ts
@@ -0,0 +1,38 @@
+import { atom, computed, task } from "nanostores";
+import { Session, User } from "../adapters/schema";
+import { Prettify } from "../types/helper";
+import { BetterAuth } from "../auth";
+import { FieldAttribute, InferFieldOutput } from "../db";
+import { BetterFetch } from "@better-fetch/fetch";
+
+export function getSessionAtom<Auth extends BetterAuth>(client: BetterFetch) {
+	type AdditionalSessionFields = Auth["options"]["plugins"] extends Array<
+		infer T
+	>
+		? T extends {
+				schema: {
+					session: {
+						fields: infer Field;
+					};
+				};
+			}
+			? Field extends Record<string, FieldAttribute>
+				? InferFieldOutput<Field>
+				: {}
+			: {}
+		: {};
+	const $signal = atom<boolean>(false);
+	const $session = computed($signal, () =>
+		task(async () => {
+			const session = await client("/session", {
+				credentials: "include",
+				method: "GET",
+			});
+			return session.data as {
+				user: User;
+				session: Prettify<Session & AdditionalSessionFields>;
+			} | null;
+		}),
+	);
+	return { $session };
+}
--- a/packages/better-auth/src/client/type.ts
+++ b/packages/better-auth/src/client/type.ts
@@ -6,6 +6,8 @@ import {
 	UnionToIntersection,
 } from "../types/helper";
 import { BetterFetchResponse } from "@better-fetch/fetch";
+import { BetterAuth } from "../auth";
+import { CustomProvider } from "../providers";

 export type InferKeys<T> = T extends `/${infer A}/${infer B}`
 	? CamelCase<`${A}-${InferKeys<B>}`>
@@ -36,3 +38,63 @@ export type InferActions<Actions> = Actions extends {
 				: never
 		>
 	: never;
+
+export type ExcludeCredentialPaths<Auth extends BetterAuth> =
+	Auth["options"]["emailAndPassword"] extends {
+		enabled: true;
+	}
+		? ""
+		: "signUpCredential" | "signInCredential";
+
+export type ExcludedPasskeyPaths =
+	| "passkeyGenerateAuthenticateOptions"
+	| "passkeyGenerateRegisterOptions"
+	| "verifyPasskey";
+
+export type ExcludedPaths<Auth extends BetterAuth> =
+	| "signinOauth"
+	| "signUpOauth"
+	| "callback"
+	| "session"
+	| ExcludeCredentialPaths<Auth>
+	| ExcludedPasskeyPaths;
+
+export type OrganizationPaths = "$activeOrganization" | "setActiveOrg";
+
+type ProviderEndpoint<Auth extends BetterAuth> = UnionToIntersection<
+	Auth["options"]["providers"] extends Array<infer T>
+		? T extends CustomProvider
+			? T["endpoints"]
+			: {}
+		: {}
+>;
+
+export type Actions<Auth extends BetterAuth> = ProviderEndpoint<Auth> &
+	Auth["api"];
+
+export type InferredActions<Auth extends BetterAuth> = Prettify<
+	Omit<InferActions<Actions<Auth>>, ExcludedPaths<Auth>>
+>;
+
+export type PickOrganizationPaths<Auth extends BetterAuth> =
+	Auth["options"]["plugins"] extends Array<infer T>
+		? T extends {
+				id: "organization";
+			}
+			? OrganizationPaths
+			: never
+		: never;
+
+export type PickProvidePaths<
+	ID extends string,
+	PickedPath extends string,
+	Auth extends BetterAuth,
+> = Auth["options"]["providers"] extends Array<infer P>
+	? P extends {
+			id: ID;
+		}
+		? PickedPath
+		: never
+	: never;
+
+export type PickDefaultPaths = "$session";
--- a/packages/better-auth/src/providers/index.ts
+++ b/packages/better-auth/src/providers/index.ts
@@ -13,4 +13,5 @@ export const oAuthProviderList = Object.keys(oAuthProviders) as [

 export * from "./github";
 export * from "./google";
+export * from "./passkey";
 export * from "../types/provider";
--- a/packages/better-auth/src/providers/passkey.ts
+++ b/packages/better-auth/src/providers/passkey.ts
@@ -78,7 +78,7 @@ export const passkey = (options: PasskeyOptions) => {
 		type: "custom",
 		endpoints: {
 			generatePasskeyRegistrationOptions: createAuthEndpoint(
-				"/passkey/generate-register",
+				"/passkey/generate-register-options",
 				{
 					method: "GET",
 					use: [sessionMiddleware],
@@ -144,7 +144,7 @@ export const passkey = (options: PasskeyOptions) => {
 				},
 			),
 			generatePasskeyAuthenticationOptions: createAuthEndpoint(
-				"/passkey/generate-authenticate",
+				"/passkey/generate-authenticate-options",
 				{
 					method: "GET",
 				},
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -176,6 +176,9 @@ importers:
      '@paralleldrive/cuid2':
        specifier: ^2.2.2
        version: 2.2.2
+      '@simplewebauthn/browser':
+        specifier: ^10.0.0
+        version: 10.0.0
      '@simplewebauthn/server':
        specifier: ^10.0.1
        version: 10.0.1
@@ -1507,6 +1510,9 @@ packages:
    cpu: [x64]
    os: [win32]

+  '@simplewebauthn/browser@10.0.0':
+    resolution: {integrity: sha512-hG0JMZD+LiLUbpQcAjS4d+t4gbprE/dLYop/CkE01ugU/9sKXflxV5s0DRjdz3uNMFecatRfb4ZLG3XvF8m5zg==}
+
  '@simplewebauthn/server@10.0.1':
    resolution: {integrity: sha512-djNWcRn+H+6zvihBFJSpG3fzb0NQS9c/Mw5dYOtZ9H+oDw8qn9Htqxt4cpqRvSOAfwqP7rOvE9rwqVaoGGc3hg==}
    engines: {node: '>=20.0.0'}
@@ -4137,6 +4143,10 @@ snapshots:
  '@rollup/rollup-win32-x64-msvc@4.19.1':
    optional: true

+  '@simplewebauthn/browser@10.0.0':
+    dependencies:
+      '@simplewebauthn/types': 10.0.0
+
  '@simplewebauthn/server@10.0.1':
    dependencies:
      '@hexagon/base64': 1.1.28