UNPKG

better-auth

Version:

The most comprehensive authentication framework for TypeScript.

better-auth.com

better-auth/better-auth

92 lines (90 loc) 3.27 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import { env } from "@better-auth/core/env"; import { BetterAuthError } from "@better-auth/core/error"; //#region src/utils/url.ts function checkHasPath(url) { try { return (new URL(url).pathname.replace(/\/+$/, "") || "/") !== "/"; } catch { throw new BetterAuthError(`Invalid base URL: ${url}. Please provide a valid base URL.`); } } function assertHasProtocol(url) { try { const parsedUrl = new URL(url); if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") throw new BetterAuthError(`Invalid base URL: ${url}. URL must include 'http://' or 'https://'`); } catch (error) { if (error instanceof BetterAuthError) throw error; throw new BetterAuthError(`Invalid base URL: ${url}. Please provide a valid base URL.`, String(error)); } } function withPath(url, path = "/api/auth") { assertHasProtocol(url); if (checkHasPath(url)) return url; const trimmedUrl = url.replace(/\/+$/, ""); if (!path || path === "/") return trimmedUrl; path = path.startsWith("/") ? path : `/${path}`; return `${trimmedUrl}${path}`; } function validateProxyHeader(header, type) { if (!header || header.trim() === "") return false; if (type === "proto") return header === "http" || header === "https"; if (type === "host") { if ([ /\.\./, /\0/, /[\s]/, /^[.]/, /[<>'"]/, /javascript:/i, /file:/i, /data:/i ].some((pattern) => pattern.test(header))) return false; return /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(:[0-9]{1,5})?$/.test(header) || /^(\d{1,3}\.){3}\d{1,3}(:[0-9]{1,5})?$/.test(header) || /^\[[0-9a-fA-F:]+\](:[0-9]{1,5})?$/.test(header) || /^localhost(:[0-9]{1,5})?$/i.test(header); } return false; } function getBaseURL(url, path, request, loadEnv, trustedProxyHeaders) { if (url) return withPath(url, path); if (loadEnv !== false) { const fromEnv = env.BETTER_AUTH_URL || env.NEXT_PUBLIC_BETTER_AUTH_URL || env.PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_AUTH_URL || (env.BASE_URL !== "/" ? env.BASE_URL : void 0); if (fromEnv) return withPath(fromEnv, path); } const fromRequest = request?.headers.get("x-forwarded-host"); const fromRequestProto = request?.headers.get("x-forwarded-proto"); if (fromRequest && fromRequestProto && trustedProxyHeaders) { if (validateProxyHeader(fromRequestProto, "proto") && validateProxyHeader(fromRequest, "host")) try { return withPath(`${fromRequestProto}://${fromRequest}`, path); } catch (_error) {} } if (request) { const url$1 = getOrigin(request.url); if (!url$1) throw new BetterAuthError("Could not get origin from request. Please provide a valid base URL."); return withPath(url$1, path); } if (typeof window !== "undefined" && window.location) return withPath(window.location.origin, path); } function getOrigin(url) { try { const parsedUrl = new URL(url); return parsedUrl.origin === "null" ? null : parsedUrl.origin; } catch { return null; } } function getProtocol(url) { try { return new URL(url).protocol; } catch { return null; } } function getHost(url) { try { return new URL(url).host; } catch { return null; } } //#endregion export { getBaseURL, getHost, getOrigin, getProtocol }; //# sourceMappingURL=url.mjs.map