diff --git a/packages/better-auth/package.json b/packages/better-auth/package.json index 0760dbb3..4d1059c8 100644 --- a/packages/better-auth/package.json +++ b/packages/better-auth/package.json @@ -698,7 +698,7 @@ } }, "dependencies": { - "@better-auth/utils": "0.2.6", + "@better-auth/utils": "0.3.0", "@better-fetch/fetch": "catalog:", "@noble/ciphers": "^2.0.0", "@noble/hashes": "^2.0.0", diff --git a/packages/better-auth/src/crypto/password.ts b/packages/better-auth/src/crypto/password.ts index e3d8b2f0..6d7441f4 100644 --- a/packages/better-auth/src/crypto/password.ts +++ b/packages/better-auth/src/crypto/password.ts @@ -1,6 +1,5 @@ import { constantTimeEqual } from "./buffer"; import { scryptAsync } from "@noble/hashes/scrypt.js"; -import { getRandomValues } from "@better-auth/utils"; import { hex } from "@better-auth/utils/hex"; import { hexToBytes } from "@noble/hashes/utils.js"; import { BetterAuthError } from "../error"; @@ -23,7 +22,7 @@ async function generateKey(password: string, salt: string) { } export const hashPassword = async (password: string) => { - const salt = hex.encode(getRandomValues(new Uint8Array(16))); + const salt = hex.encode(crypto.getRandomValues(new Uint8Array(16))); const key = await generateKey(password, salt); return `${salt}:${hex.encode(key)}`; }; diff --git a/packages/better-auth/src/plugins/device-authorization/index.ts b/packages/better-auth/src/plugins/device-authorization/index.ts index 08109412..c0366994 100644 --- a/packages/better-auth/src/plugins/device-authorization/index.ts +++ b/packages/better-auth/src/plugins/device-authorization/index.ts @@ -5,7 +5,6 @@ import type { BetterAuthPlugin, InferOptionSchema } from "../../types/plugins"; import { generateRandomString } from "../../crypto"; import { getSessionFromCtx } from "../../api/routes/session"; import { ms, type StringValue as MSStringValue } from "ms"; -import { getRandomValues } from "@better-auth/utils"; import { schema, type DeviceCode } from "./schema"; import { mergeSchema } from "../../db"; @@ -150,7 +149,7 @@ const defaultGenerateDeviceCode = (length: number) => { */ const defaultGenerateUserCode = (length: number) => { const chars = new Uint8Array(length); - return Array.from(getRandomValues(chars)) + return Array.from(crypto.getRandomValues(chars)) .map((byte) => defaultCharset[byte % defaultCharset.length]) .join(""); }; diff --git a/packages/better-auth/src/plugins/jwt/utils.ts b/packages/better-auth/src/plugins/jwt/utils.ts index e8c3e2a3..b49d0fb5 100644 --- a/packages/better-auth/src/plugins/jwt/utils.ts +++ b/packages/better-auth/src/plugins/jwt/utils.ts @@ -1,4 +1,4 @@ -import { subtle, getRandomValues } from "@better-auth/utils"; +import { getWebcryptoSubtle } from "@better-auth/utils"; import { base64 } from "@better-auth/utils/base64"; import { joseSecs } from "../../utils/time"; import type { JwtOptions, Jwk } from "./types"; @@ -31,6 +31,7 @@ export function toExpJWT( async function deriveKey(secretKey: string): Promise { const enc = new TextEncoder(); + const subtle = getWebcryptoSubtle(); const keyMaterial = await subtle.importKey( "raw", enc.encode(secretKey), @@ -58,10 +59,10 @@ export async function encryptPrivateKey( secretKey: string, ): Promise<{ encryptedPrivateKey: string; iv: string; authTag: string }> { const key = await deriveKey(secretKey); // Derive a 32-byte key from the provided secret - const iv = getRandomValues(new Uint8Array(12)); // 12-byte IV for AES-GCM + const iv = crypto.getRandomValues(new Uint8Array(12)); // 12-byte IV for AES-GCM const enc = new TextEncoder(); - const ciphertext = await subtle.encrypt( + const ciphertext = await getWebcryptoSubtle().encrypt( { name: "AES-GCM", iv: iv, @@ -94,7 +95,7 @@ export async function decryptPrivateKey( const ivBuffer = base64.decode(iv); const ciphertext = base64.decode(encryptedPrivateKey); - const decrypted = await subtle.decrypt( + const decrypted = await getWebcryptoSubtle().decrypt( { name: "AES-GCM", iv: ivBuffer as BufferSource, diff --git a/packages/better-auth/src/plugins/mcp/index.ts b/packages/better-auth/src/plugins/mcp/index.ts index 9c1c7568..2b40076b 100644 --- a/packages/better-auth/src/plugins/mcp/index.ts +++ b/packages/better-auth/src/plugins/mcp/index.ts @@ -16,7 +16,7 @@ import { APIError, getSessionFromCtx } from "../../api"; import { base64 } from "@better-auth/utils/base64"; import { generateRandomString } from "../../crypto"; import { createHash } from "@better-auth/utils/hash"; -import { subtle } from "@better-auth/utils"; +import { getWebcryptoSubtle } from "@better-auth/utils"; import { SignJWT } from "jose"; import type { BetterAuthOptions, GenericEndpointContext } from "../../types"; import { parseSetCookieHeader } from "../../cookies"; @@ -568,7 +568,7 @@ export const mcp = (options: MCPOptions) => { } let secretKey = { alg: "HS256", - key: await subtle.generateKey( + key: await getWebcryptoSubtle().generateKey( { name: "HMAC", hash: "SHA-256", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 275f10ac..e1c8e068 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -630,8 +630,8 @@ importers: packages/better-auth: dependencies: '@better-auth/utils': - specifier: 0.2.6 - version: 0.2.6 + specifier: 0.3.0 + version: 0.3.0 '@better-fetch/fetch': specifier: 'catalog:' version: 1.1.18 @@ -1623,8 +1623,8 @@ packages: resolution: {integrity: sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q==} engines: {node: '>=6.9.0'} - '@better-auth/utils@0.2.6': - resolution: {integrity: sha512-3y/vaL5Ox33dBwgJ6ub3OPkVqr6B5xL2kgxNHG8eHZuryLyG/4JSPGqjbdRSgjuy9kALUZYDFl+ORIAxlWMSuA==} + '@better-auth/utils@0.3.0': + resolution: {integrity: sha512-W+Adw6ZA6mgvnSnhOki270rwJ42t4XzSK6YWGF//BbVXL6SwCLWfyzBc1lN2m/4RM28KubdBKQ4X5VMoLRNPQw==} '@better-fetch/fetch@1.1.18': resolution: {integrity: sha512-rEFOE1MYIsBmoMJtQbl32PGHHXuG2hDxvEd7rUHE0vCBoFQVSDqaVs9hkZEtHCxRoY+CljXKFCOuJ8uxqw1LcA==} @@ -13053,9 +13053,7 @@ snapshots: '@babel/helper-string-parser': 7.27.1 '@babel/helper-validator-identifier': 7.27.1 - '@better-auth/utils@0.2.6': - dependencies: - uncrypto: 0.1.3 + '@better-auth/utils@0.3.0': {} '@better-fetch/fetch@1.1.18': {} @@ -15876,7 +15874,9 @@ snapshots: metro-runtime: 0.83.1 transitivePeerDependencies: - '@babel/core' + - bufferutil - supports-color + - utf-8-validate '@react-native/normalize-colors@0.79.5': {}