Skip to content

Commit d5685c1

Browse files
committed
Update dependencies and improve error handling in better-auth package
- Upgraded `better-auth` to version 1.5.6 and `vitest` to version 4.0.0 across multiple packages for enhanced functionality and security. - Introduced `defineErrorCodes` from `@better-auth/core/utils/error-codes` to improve error handling in the OAuth plugin. - Updated package-lock.json to reflect changes in dependencies and their versions.
1 parent 5997adc commit d5685c1

10 files changed

Lines changed: 8639 additions & 9972 deletions

File tree

api/src/handlers/router.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,8 @@ const router = async (req: HelloRequest, res: HelloResponse) => {
6565
// not able to process requests
6666
res.status(500)
6767
res.send(
68-
'Missing configuration:\n' + JSON.stringify(config.error, null, 4),
68+
'Missing configuration:\n' +
69+
JSON.stringify(config.error, null, 4),
6970
)
7071
return
7172
}

api/src/lib/config.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -203,8 +203,8 @@ export const getConfig = function (): Promise<IConfig> {
203203

204204
export const configurationError = () => ({
205205
error: 'server_error',
206-
error_description: _configuration.error?.join(', ')
207-
|| 'Unknown configuration error',
206+
error_description:
207+
_configuration.error?.join(', ') || 'Unknown configuration error',
208208
})
209209

210210
export const getLoginApiRoute = (): string => {

better-auth/package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -51,11 +51,11 @@
5151
"@tsconfig/node18": "^18.2.2",
5252
"@types/node": "*",
5353
"@types/react": "^18.0.0",
54-
"better-auth": "^1.0.0",
54+
"better-auth": "^1.5.6",
5555
"react": "^18.0.0",
5656
"rimraf": "^5.0.1",
5757
"typescript": "^5.2.2",
58-
"vitest": "^2.0.0"
58+
"vitest": "^4.0.0"
5959
},
6060
"engines": {
6161
"node": ">=18"

better-auth/src/index.ts

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ import { betterFetch } from '@better-fetch/fetch'
22
import { APIError } from 'better-call'
33
import { decodeJwt } from 'jose'
44
import * as z from 'zod'
5+
import { defineErrorCodes } from '@better-auth/core/utils/error-codes'
56
import { createAuthEndpoint } from 'better-auth/api'
67
import { setSessionCookie } from 'better-auth/cookies'
78
// import { BASE_ERROR_CODES } from "../../error/codes";
@@ -234,9 +235,9 @@ async function getUserInfo(
234235
* A generic OAuth plugin that can be used to add OAuth support to any provider
235236
*/
236237
export const hellocoop = (options: GenericOAuthOptions) => {
237-
const ERROR_CODES = {
238+
const ERROR_CODES = defineErrorCodes({
238239
INVALID_OAUTH_CONFIGURATION: 'Invalid OAuth configuration',
239-
} as const
240+
})
240241
return {
241242
id: 'hellocoop',
242243
schema: {
@@ -572,7 +573,8 @@ export const hellocoop = (options: GenericOAuthOptions) => {
572573
}
573574
if (!finalAuthUrl || !finalTokenUrl) {
574575
throw new APIError('BAD_REQUEST', {
575-
message: ERROR_CODES.INVALID_OAUTH_CONFIGURATION,
576+
message:
577+
ERROR_CODES.INVALID_OAUTH_CONFIGURATION.message,
576578
})
577579
}
578580
if (authorizationUrlParams) {

email-verification/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,7 @@
6969
"@types/node": "^20.0.0",
7070
"rimraf": "^5.0.5",
7171
"typescript": "^5.0.0",
72-
"vitest": "^1.0.0"
72+
"vitest": "^4.0.0"
7373
},
7474
"gitHead": "2708ae6a0cf0cb970bed968ab62955e639c9e897"
7575
}

email-verification/src/index.ts

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,9 +18,7 @@ export {
1818
export type { VerifyIssuanceRequestOptions } from './issuance/verify-request.js'
1919

2020
// Export token functions
21-
export {
22-
generateRequestToken,
23-
} from './tokens/request-token.js'
21+
export { generateRequestToken } from './tokens/request-token.js'
2422

2523
export type { RequestTokenPayload } from './tokens/request-token.js'
2624

httpsig/tests/test-jkt-jwt.ts

Lines changed: 72 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -71,9 +71,15 @@ async function createJktJwt(options: {
7171

7272
// Determine alg from identity key
7373
let alg: string
74-
if (identityPublicJwk.kty === 'OKP' && identityPublicJwk.crv === 'Ed25519') {
74+
if (
75+
identityPublicJwk.kty === 'OKP' &&
76+
identityPublicJwk.crv === 'Ed25519'
77+
) {
7578
alg = 'EdDSA'
76-
} else if (identityPublicJwk.kty === 'EC' && identityPublicJwk.crv === 'P-256') {
79+
} else if (
80+
identityPublicJwk.kty === 'EC' &&
81+
identityPublicJwk.crv === 'P-256'
82+
) {
7783
alg = 'ES256'
7884
} else {
7985
throw new Error('Unsupported identity key type')
@@ -115,7 +121,9 @@ async function createJktJwt(options: {
115121
const identityKey = await crypto.subtle.importKey(
116122
'jwk',
117123
identityPrivateJwk,
118-
alg === 'EdDSA' ? { name: 'Ed25519' } : { name: 'ECDSA', namedCurve: 'P-256' },
124+
alg === 'EdDSA'
125+
? { name: 'Ed25519' }
126+
: { name: 'ECDSA', namedCurve: 'P-256' },
119127
false,
120128
['sign'],
121129
)
@@ -156,7 +164,10 @@ test('jkt-jwt: GET request with Ed25519 identity and Ed25519 ephemeral key', asy
156164

157165
// Signature-Key should use jkt-jwt scheme
158166
const sigKeyHeader = result.headers.get('signature-key')!
159-
assert.ok(sigKeyHeader.startsWith('sig=jkt-jwt;'), `Expected jkt-jwt scheme, got: ${sigKeyHeader}`)
167+
assert.ok(
168+
sigKeyHeader.startsWith('sig=jkt-jwt;'),
169+
`Expected jkt-jwt scheme, got: ${sigKeyHeader}`,
170+
)
160171

161172
const verifyResult = await verify({
162173
method: 'GET',
@@ -165,7 +176,11 @@ test('jkt-jwt: GET request with Ed25519 identity and Ed25519 ephemeral key', asy
165176
headers: result.headers,
166177
})
167178

168-
assert.strictEqual(verifyResult.verified, true, `Verification failed: ${verifyResult.error}`)
179+
assert.strictEqual(
180+
verifyResult.verified,
181+
true,
182+
`Verification failed: ${verifyResult.error}`,
183+
)
169184
assert.strictEqual(verifyResult.keyType, 'jkt_jwt')
170185
assert.ok(verifyResult.jkt_jwt, 'Should have jkt_jwt data')
171186
assert.strictEqual(verifyResult.jkt_jwt?.raw, jwt)
@@ -209,7 +224,11 @@ test('jkt-jwt: POST request with body', async () => {
209224
body,
210225
})
211226

212-
assert.strictEqual(verifyResult.verified, true, `Verification failed: ${verifyResult.error}`)
227+
assert.strictEqual(
228+
verifyResult.verified,
229+
true,
230+
`Verification failed: ${verifyResult.error}`,
231+
)
213232
assert.strictEqual(verifyResult.keyType, 'jkt_jwt')
214233
})
215234

@@ -237,7 +256,11 @@ test('jkt-jwt: P-256 identity key delegating to Ed25519 ephemeral key', async ()
237256
headers: result.headers,
238257
})
239258

240-
assert.strictEqual(verifyResult.verified, true, `Verification failed: ${verifyResult.error}`)
259+
assert.strictEqual(
260+
verifyResult.verified,
261+
true,
262+
`Verification failed: ${verifyResult.error}`,
263+
)
241264
assert.strictEqual(verifyResult.keyType, 'jkt_jwt')
242265
assert.strictEqual(verifyResult.jkt_jwt?.identityKey.kty, 'EC')
243266
assert.strictEqual(verifyResult.jkt_jwt?.identityKey.crv, 'P-256')
@@ -268,7 +291,11 @@ test('jkt-jwt: Ed25519 identity key delegating to P-256 ephemeral key', async ()
268291
headers: result.headers,
269292
})
270293

271-
assert.strictEqual(verifyResult.verified, true, `Verification failed: ${verifyResult.error}`)
294+
assert.strictEqual(
295+
verifyResult.verified,
296+
true,
297+
`Verification failed: ${verifyResult.error}`,
298+
)
272299
assert.strictEqual(verifyResult.jkt_jwt?.identityKey.kty, 'OKP')
273300
assert.strictEqual(verifyResult.publicKey.kty, 'EC')
274301
assert.strictEqual(verifyResult.publicKey.crv, 'P-256')
@@ -301,7 +328,10 @@ test('jkt-jwt: Should fail with expired JWT', async () => {
301328
})
302329

303330
assert.strictEqual(verifyResult.verified, false)
304-
assert.ok(verifyResult.error?.includes('expired'), `Expected expired error, got: ${verifyResult.error}`)
331+
assert.ok(
332+
verifyResult.error?.includes('expired'),
333+
`Expected expired error, got: ${verifyResult.error}`,
334+
)
305335
})
306336

307337
test('jkt-jwt: Should fail with future iat', async () => {
@@ -331,7 +361,10 @@ test('jkt-jwt: Should fail with future iat', async () => {
331361
})
332362

333363
assert.strictEqual(verifyResult.verified, false)
334-
assert.ok(verifyResult.error?.includes('future'), `Expected future error, got: ${verifyResult.error}`)
364+
assert.ok(
365+
verifyResult.error?.includes('future'),
366+
`Expected future error, got: ${verifyResult.error}`,
367+
)
335368
})
336369

337370
test('jkt-jwt: Should fail with tampered iss (wrong thumbprint)', async () => {
@@ -342,7 +375,8 @@ test('jkt-jwt: Should fail with tampered iss (wrong thumbprint)', async () => {
342375
identityPrivateJwk: identity.privateJwk,
343376
identityPublicJwk: identity.publicJwk,
344377
ephemeralPublicJwk: ephemeral.publicJwk,
345-
overrideIss: 'urn:jkt:sha-256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
378+
overrideIss:
379+
'urn:jkt:sha-256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
346380
})
347381

348382
const result = (await fetch('https://api.example.com/data', {
@@ -360,7 +394,10 @@ test('jkt-jwt: Should fail with tampered iss (wrong thumbprint)', async () => {
360394
})
361395

362396
assert.strictEqual(verifyResult.verified, false)
363-
assert.ok(verifyResult.error?.includes('iss mismatch'), `Expected iss mismatch, got: ${verifyResult.error}`)
397+
assert.ok(
398+
verifyResult.error?.includes('iss mismatch'),
399+
`Expected iss mismatch, got: ${verifyResult.error}`,
400+
)
364401
})
365402

366403
test('jkt-jwt: Should fail with tampered JWT signature', async () => {
@@ -425,7 +462,10 @@ test('jkt-jwt: Should fail with missing cnf.jwk in JWT', async () => {
425462
})
426463

427464
assert.strictEqual(verifyResult.verified, false)
428-
assert.ok(verifyResult.error?.includes('cnf.jwk'), `Expected cnf.jwk error, got: ${verifyResult.error}`)
465+
assert.ok(
466+
verifyResult.error?.includes('cnf.jwk'),
467+
`Expected cnf.jwk error, got: ${verifyResult.error}`,
468+
)
429469
})
430470

431471
test('jkt-jwt: Should fail with unsupported typ', async () => {
@@ -522,7 +562,11 @@ test('jkt-jwt: Custom label should work', async () => {
522562
headers: result.headers,
523563
})
524564

525-
assert.strictEqual(verifyResult.verified, true, `Verification failed: ${verifyResult.error}`)
565+
assert.strictEqual(
566+
verifyResult.verified,
567+
true,
568+
`Verification failed: ${verifyResult.error}`,
569+
)
526570
assert.strictEqual(verifyResult.label, 'device')
527571
assert.strictEqual(verifyResult.keyType, 'jkt_jwt')
528572
})
@@ -551,16 +595,26 @@ test('jkt-jwt: Thumbprint in result should be for the ephemeral key', async () =
551595
headers: result.headers,
552596
})
553597

554-
assert.strictEqual(verifyResult.verified, true, `Verification failed: ${verifyResult.error}`)
598+
assert.strictEqual(
599+
verifyResult.verified,
600+
true,
601+
`Verification failed: ${verifyResult.error}`,
602+
)
555603

556604
// The top-level thumbprint should be for the ephemeral key (the key that signed the HTTP message)
557-
const expectedEphemeralThumbprint = await calculateThumbprint(ephemeral.publicJwk)
605+
const expectedEphemeralThumbprint = await calculateThumbprint(
606+
ephemeral.publicJwk,
607+
)
558608
assert.strictEqual(verifyResult.thumbprint, expectedEphemeralThumbprint)
559609

560610
// The identity thumbprint should be different (for the enclave key)
561-
const expectedIdentityThumbprint = await calculateThumbprint(identity.publicJwk)
611+
const expectedIdentityThumbprint = await calculateThumbprint(
612+
identity.publicJwk,
613+
)
562614
assert.ok(
563-
verifyResult.jkt_jwt?.identityThumbprint.endsWith(expectedIdentityThumbprint),
615+
verifyResult.jkt_jwt?.identityThumbprint.endsWith(
616+
expectedIdentityThumbprint,
617+
),
564618
'Identity thumbprint URI should contain the identity key thumbprint',
565619
)
566620
})

0 commit comments

Comments
 (0)