import { AccessControl, Role, Statements } from '../access/index.js'; import * as better_call from 'better-call'; import { z } from 'zod'; import { I as InferOptionSchema, l as AuthContext, H as HookEndpointContext, S as Session, U as User } from '../../shared/better-auth.6fr3ElRe.js'; import '../../shared/better-auth.Bi8FQwDD.js'; import '../../shared/better-auth.BLX8BItA.js'; import 'jose'; import 'kysely'; import 'better-sqlite3'; interface UserWithRole extends User { role?: string; banned?: boolean | null; banReason?: string | null; banExpires?: Date | null; } interface SessionWithImpersonatedBy extends Session { impersonatedBy?: string; } interface AdminOptions { /** * The default role for a user * * @default "user" */ defaultRole?: string; /** * Roles that are considered admin roles. * * Any user role that isn't in this list, even if they have the permission, * will not be considered an admin. * * @default ["admin"] */ adminRoles?: string | string[]; /** * A default ban reason * * By default, no reason is provided */ defaultBanReason?: string; /** * Number of seconds until the ban expires * * By default, the ban never expires */ defaultBanExpiresIn?: number; /** * Duration of the impersonation session in seconds * * By default, the impersonation session lasts 1 hour */ impersonationSessionDuration?: number; /** * Custom schema for the admin plugin */ schema?: InferOptionSchema; /** * Configure the roles and permissions for the admin * plugin. */ ac?: AccessControl; /** * Custom permissions for roles. */ roles?: { [key in string]?: Role; }; /** * List of user ids that should have admin access * * If this is set, the `adminRole` option is ignored */ adminUserIds?: string[]; /** * Message to show when a user is banned * * By default, the message is "You have been banned from this application" */ bannedUserMessage?: string; } declare const admin: (options?: O) => { id: "admin"; init(ctx: AuthContext): { options: { databaseHooks: { user: { create: { before(user: { id: string; name: string; email: string; emailVerified: boolean; createdAt: Date; updatedAt: Date; image?: string | null | undefined; }): Promise<{ data: { id: string; name: string; email: string; emailVerified: boolean; createdAt: Date; updatedAt: Date; image?: string | null | undefined; role: string; }; }>; }; }; session: { create: { before(session: { id: string; createdAt: Date; updatedAt: Date; userId: string; expiresAt: Date; token: string; ipAddress?: string | null | undefined; userAgent?: string | null | undefined; }): Promise; }; }; }; }; }; hooks: { after: { matcher(context: HookEndpointContext): boolean; handler: (inputContext: better_call.MiddlewareInputContext) => Promise; }[]; }; endpoints: { setRole: { ; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ userId: z.ZodString; role: z.ZodString; }, "strip", z.ZodTypeAny, { userId: string; role: string; }, { userId: string; role: string; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/set-role"; }; createUser: { ; /** * extra fields for user */ data: z.ZodOptional>; }, "strip", z.ZodTypeAny, { password: string; name: string; email: string; data?: Record | undefined; role?: string | undefined; }, { password: string; name: string; email: string; data?: Record | undefined; role?: string | undefined; }>; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ email: z.ZodString; password: z.ZodString; name: z.ZodString; role: z.ZodOptional; /** * extra fields for user */ data: z.ZodOptional>; }, "strip", z.ZodTypeAny, { password: string; name: string; email: string; data?: Record | undefined; role?: string | undefined; }, { password: string; name: string; email: string; data?: Record | undefined; role?: string | undefined; }>; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/create-user"; }; listUsers: { ) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; query: z.ZodObject<{ searchValue: z.ZodOptional; searchField: z.ZodOptional>; searchOperator: z.ZodOptional>; limit: z.ZodOptional>; offset: z.ZodOptional>; sortBy: z.ZodOptional; sortDirection: z.ZodOptional>; filterField: z.ZodOptional; filterValue: z.ZodOptional, z.ZodBoolean]>>; filterOperator: z.ZodOptional>; }, "strip", z.ZodTypeAny, { searchValue?: string | undefined; searchField?: "name" | "email" | undefined; searchOperator?: "contains" | "starts_with" | "ends_with" | undefined; limit?: string | number | undefined; offset?: string | number | undefined; sortBy?: string | undefined; sortDirection?: "asc" | "desc" | undefined; filterField?: string | undefined; filterValue?: string | number | boolean | undefined; filterOperator?: "eq" | "ne" | "lt" | "lte" | "gt" | "gte" | undefined; }, { searchValue?: string | undefined; searchField?: "name" | "email" | undefined; searchOperator?: "contains" | "starts_with" | "ends_with" | undefined; limit?: string | number | undefined; offset?: string | number | undefined; sortBy?: string | undefined; sortDirection?: "asc" | "desc" | undefined; filterField?: string | undefined; filterValue?: string | number | boolean | undefined; filterOperator?: "eq" | "ne" | "lt" | "lte" | "gt" | "gte" | undefined; }>; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { users: { type: string; items: { $ref: string; }; }; total: { type: string; }; limit: { type: string; }; offset: { type: string; }; }; required: string[]; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "GET"; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; query: z.ZodObject<{ searchValue: z.ZodOptional; searchField: z.ZodOptional>; searchOperator: z.ZodOptional>; limit: z.ZodOptional>; offset: z.ZodOptional>; sortBy: z.ZodOptional; sortDirection: z.ZodOptional>; filterField: z.ZodOptional; filterValue: z.ZodOptional, z.ZodBoolean]>>; filterOperator: z.ZodOptional>; }, "strip", z.ZodTypeAny, { searchValue?: string | undefined; searchField?: "name" | "email" | undefined; searchOperator?: "contains" | "starts_with" | "ends_with" | undefined; limit?: string | number | undefined; offset?: string | number | undefined; sortBy?: string | undefined; sortDirection?: "asc" | "desc" | undefined; filterField?: string | undefined; filterValue?: string | number | boolean | undefined; filterOperator?: "eq" | "ne" | "lt" | "lte" | "gt" | "gte" | undefined; }, { searchValue?: string | undefined; searchField?: "name" | "email" | undefined; searchOperator?: "contains" | "starts_with" | "ends_with" | undefined; limit?: string | number | undefined; offset?: string | number | undefined; sortBy?: string | undefined; sortDirection?: "asc" | "desc" | undefined; filterField?: string | undefined; filterValue?: string | number | boolean | undefined; filterOperator?: "eq" | "ne" | "lt" | "lte" | "gt" | "gte" | undefined; }>; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { users: { type: string; items: { $ref: string; }; }; total: { type: string; }; limit: { type: string; }; offset: { type: string; }; }; required: string[]; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/list-users"; }; listUserSessions: { ) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; body: z.ZodObject<{ userId: z.ZodString; }, "strip", z.ZodTypeAny, { userId: string; }, { userId: string; }>; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { sessions: { type: string; items: { $ref: string; }; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; body: z.ZodObject<{ userId: z.ZodString; }, "strip", z.ZodTypeAny, { userId: string; }, { userId: string; }>; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { sessions: { type: string; items: { $ref: string; }; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/list-user-sessions"; }; unbanUser: { ; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ userId: z.ZodString; }, "strip", z.ZodTypeAny, { userId: string; }, { userId: string; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/unban-user"; }; banUser: { ; /** * Number of seconds until the ban expires */ banExpiresIn: z.ZodOptional; }, "strip", z.ZodTypeAny, { userId: string; banReason?: string | undefined; banExpiresIn?: number | undefined; }, { userId: string; banReason?: string | undefined; banExpiresIn?: number | undefined; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ userId: z.ZodString; /** * Reason for the ban */ banReason: z.ZodOptional; /** * Number of seconds until the ban expires */ banExpiresIn: z.ZodOptional; }, "strip", z.ZodTypeAny, { userId: string; banReason?: string | undefined; banExpiresIn?: number | undefined; }, { userId: string; banReason?: string | undefined; banExpiresIn?: number | undefined; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/ban-user"; }; impersonateUser: { ; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { session: { $ref: string; }; user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ userId: z.ZodString; }, "strip", z.ZodTypeAny, { userId: string; }, { userId: string; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { session: { $ref: string; }; user: { $ref: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/impersonate-user"; }; stopImpersonating: { | undefined)?]>(...inputCtx: C): Promise; user: User & Record; }; } : { session: Session & Record; user: User & Record; }>; options: { method: "POST"; } & { use: any[]; }; path: "/admin/stop-impersonating"; }; revokeUserSession: { ; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { success: { type: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ sessionToken: z.ZodString; }, "strip", z.ZodTypeAny, { sessionToken: string; }, { sessionToken: string; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { success: { type: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/revoke-user-session"; }; revokeUserSessions: { ; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { success: { type: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ userId: z.ZodString; }, "strip", z.ZodTypeAny, { userId: string; }, { userId: string; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { success: { type: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/revoke-user-sessions"; }; removeUser: { ; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { success: { type: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ userId: z.ZodString; }, "strip", z.ZodTypeAny, { userId: string; }, { userId: string; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { success: { type: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/remove-user"; }; setUserPassword: { ; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { status: { type: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ newPassword: z.ZodString; userId: z.ZodString; }, "strip", z.ZodTypeAny, { userId: string; newPassword: string; }, { userId: string; newPassword: string; }>; use: ((inputContext: better_call.MiddlewareInputContext) => Promise<{ session: { user: UserWithRole; session: Session; }; }>)[]; metadata: { openapi: { operationId: string; summary: string; description: string; responses: { 200: { description: string; content: { "application/json": { schema: { type: "object"; properties: { status: { type: string; }; }; }; }; }; }; }; }; }; } & { use: any[]; }; path: "/admin/set-user-password"; }; userHasPermission: { >; userId: z.ZodOptional; role: z.ZodOptional; }, "strip", z.ZodTypeAny, { permission: Record; userId?: string | undefined; role?: string | undefined; }, { permission: Record; userId?: string | undefined; role?: string | undefined; }>; metadata: { openapi: { description: string; requestBody: { content: { "application/json": { schema: { type: "object"; properties: { permission: { type: string; description: string; }; }; required: string[]; }; }; }; }; responses: { "200": { description: string; content: { "application/json": { schema: { type: "object"; properties: { error: { type: string; }; success: { type: string; }; }; required: string[]; }; }; }; }; }; }; $Infer: { body: { permission: { [key in keyof (O["ac"] extends AccessControl ? S : { readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password"]; readonly session: readonly ["list", "revoke", "delete"]; })]?: Array<(O["ac"] extends AccessControl ? S : { readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password"]; readonly session: readonly ["list", "revoke", "delete"]; })[key][number]>; }; userId?: string; role?: string; }; }; }; } & { use: any[]; }>]>(...inputCtx: C): Promise; options: { method: "POST"; body: z.ZodObject<{ permission: z.ZodRecord>; userId: z.ZodOptional; role: z.ZodOptional; }, "strip", z.ZodTypeAny, { permission: Record; userId?: string | undefined; role?: string | undefined; }, { permission: Record; userId?: string | undefined; role?: string | undefined; }>; metadata: { openapi: { description: string; requestBody: { content: { "application/json": { schema: { type: "object"; properties: { permission: { type: string; description: string; }; }; required: string[]; }; }; }; }; responses: { "200": { description: string; content: { "application/json": { schema: { type: "object"; properties: { error: { type: string; }; success: { type: string; }; }; required: string[]; }; }; }; }; }; }; $Infer: { body: { permission: { [key in keyof (O["ac"] extends AccessControl ? S : { readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password"]; readonly session: readonly ["list", "revoke", "delete"]; })]?: Array<(O["ac"] extends AccessControl ? S : { readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password"]; readonly session: readonly ["list", "revoke", "delete"]; })[key][number]>; }; userId?: string; role?: string; }; }; }; } & { use: any[]; }; path: "/admin/has-permission"; }; }; $ERROR_CODES: { readonly FAILED_TO_CREATE_USER: "Failed to create user"; readonly USER_ALREADY_EXISTS: "User already exists"; readonly YOU_CANNOT_BAN_YOURSELF: "You cannot ban yourself"; readonly YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE: "You are not allowed to change users role"; readonly YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS: "You are not allowed to create users"; readonly YOU_ARE_NOT_ALLOWED_TO_LIST_USERS: "You are not allowed to list users"; readonly YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS: "You are not allowed to list users sessions"; readonly YOU_ARE_NOT_ALLOWED_TO_BAN_USERS: "You are not allowed to ban users"; readonly YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS: "You are not allowed to impersonate users"; readonly YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS: "You are not allowed to revoke users sessions"; readonly YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS: "You are not allowed to delete users"; readonly YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD: "You are not allowed to set users password"; readonly BANNED_USER: "You have been banned from this application"; }; schema: { user: { fields: { role: { type: "string"; required: false; input: false; }; banned: { type: "boolean"; defaultValue: false; required: false; input: false; }; banReason: { type: "string"; required: false; input: false; }; banExpires: { type: "date"; required: false; input: false; }; }; }; session: { fields: { impersonatedBy: { type: "string"; required: false; }; }; }; }; }; declare const schema: { user: { fields: { role: { type: "string"; required: false; input: false; }; banned: { type: "boolean"; defaultValue: false; required: false; input: false; }; banReason: { type: "string"; required: false; input: false; }; banExpires: { type: "date"; required: false; input: false; }; }; }; session: { fields: { impersonatedBy: { type: "string"; required: false; }; }; }; }; export { type AdminOptions, type SessionWithImpersonatedBy, type UserWithRole, admin };