import { betterAuth } from 'better-auth'
import { nextCookies } from 'better-auth/next-js'
import { anonymous, genericOAuth } from 'better-auth/plugins'
import createPool from '@/database/Pool'

export const auth = betterAuth({
  database: createPool(),
  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    autoSignIn: true,
  },
  plugins: [
    nextCookies(),
    anonymous(),
    genericOAuth(),
  ],
})

database: createPool()

user: {
  modelName: 'User',
},
account: {
  modelName: 'Account',
  fields: {
    userId: 'user_id',
  },
},
session: {
  modelName: 'Session',
  fields: {
    userId: 'user_id',
  },
},
verification: {
  modelName: 'Verification',
},

emailAndPassword: {
  enabled: true,
  minPasswordLength: 8,
  autoSignIn: true,
}

// Sign up
await auth.api.signUp({
  email: '[email protected]',
  password: 'securePassword123',
  name: 'John Doe',
})

// Sign in
await auth.api.signIn({
  email: '[email protected]',
  password: 'securePassword123',
})

socialProviders: {
  github: {
    clientId: env.AUTH_GITHUB_ID,
    clientSecret: env.AUTH_GITHUB_SECRET,
  },
}

AUTH_GITHUB_ID=your_github_client_id
AUTH_GITHUB_SECRET=your_github_client_secret

socialProviders: {
  google: {
    clientId: env.AUTH_GOOGLE_ID,
    clientSecret: env.AUTH_GOOGLE_SECRET,
  },
}

AUTH_GOOGLE_ID=your_google_client_id
AUTH_GOOGLE_SECRET=your_google_client_secret

genericOAuth({
  config: [
    {
      providerId: 'dex',
      clientId: env.DEX_CLIENT_ID,
      clientSecret: env.DEX_CLIENT_SECRET,
      authentication: 'basic',
      authorizationUrl: `${env.DEX_PROVIDER_URL}/auth`,
      tokenUrl: `${env.DEX_PROVIDER_URL}/token`,
      userInfoUrl: `${env.DEX_PROVIDER_URL}/userinfo`,
      scopes: ['openid', 'email', 'profile'],
      mapProfileToUser(profile) {
        return {
          id: profile.sub,
          name: profile.name || profile.email?.split('@')[0],
          email: profile.email,
          image: profile.picture ?? null,
        }
      },
    },
  ],
})

DEX_CLIENT_ID=your_dex_client_id
DEX_CLIENT_SECRET=your_dex_client_secret
DEX_PROVIDER_URL=https://dex.example.com

const initProvider = <K extends keyof SocialProviders>(
  name: K,
  config: Partial<ProviderConfig<K>[K]>
): ProviderConfig<K> => {
  if (isEmpty(config)) return {} as ProviderConfig<K>
  if (Object.values(config).some((val) => val === undefined)) {
    return {} as ProviderConfig<K>
  }
  
  return { [name]: config } as unknown as ProviderConfig<K>
}

// Usage
socialProviders: {
  ...initProvider('github', { 
    clientId: env.AUTH_GITHUB_ID, 
    clientSecret: env.AUTH_GITHUB_SECRET 
  }),
  ...initProvider('google', { 
    clientId: env.AUTH_GOOGLE_ID, 
    clientSecret: env.AUTH_GOOGLE_SECRET 
  }),
}

plugins: [
  anonymous({
    onLinkAccount: async ({ anonymousUser, newUser }) => {
      logger.info(
        `Anonymous user '${anonymousUser.user.email}' was linked to: '${newUser.user.email}'!`
      )
      
      const db = await getDatabase()
      
      // Transfer ownership of knowledge checks
      const [{ affectedRows: updatedChecks }] = await db
        .update(db_knowledgeCheck)
        .set({ owner_id: newUser.user.id })
        .where(eq(db_knowledgeCheck.owner_id, anonymousUser.user.id))
      
      // Transfer examination results
      const [{ affectedRows: updatedResults }] = await db
        .update(db_userHasDoneKnowledgeCheck)
        .set({ userId: newUser.user.id })
        .where(eq(db_userHasDoneKnowledgeCheck.userId, anonymousUser.user.id))
      
      logger.info(
        `Transferred ${updatedChecks} checks and ${updatedResults} results`
      )
    },
  }),
]

try {
  const [{ affectedRows: updatedChecks }] = await db
    .update(db_knowledgeCheck)
    .set({ owner_id: newUser.user.id })
    .where(eq(db_knowledgeCheck.owner_id, anonymousUser.user.id))
    
  const [{ affectedRows: updatedResults }] = await db
    .update(db_userHasDoneKnowledgeCheck)
    .set({ userId: newUser.user.id })
    .where(eq(db_userHasDoneKnowledgeCheck.userId, anonymousUser.user.id))
    
  logger.info(
    `Transferred ${updatedChecks} checks and ${updatedResults} results`
  )
} catch (e) {
  logger.error('Failed to transfer data', e)
}

import { headers } from 'next/headers'
import { auth } from '@/src/lib/auth/server'

export async function getServerSession() {
  const session = await auth.api.getSession({ 
    headers: await headers() 
  })
  
  return session ?? { user: undefined, session: undefined }
}

import { getServerSession } from '@/src/lib/auth/server'

export default async function ProtectedPage() {
  const { user, session } = await getServerSession()
  
  if (!user) {
    redirect('/login')
  }
  
  return <div>Welcome, {user.name}!</div>
}

import { useSession } from '@/src/lib/auth/client'

export function UserProfile() {
  const { data: session, isPending } = useSession()
  
  if (isPending) return <div>Loading...</div>
  if (!session) return <div>Not logged in</div>
  
  return <div>Hello, {session.user.name}!</div>
}

type Session = {
  session: {
    id: string
    token: string
    userId: string
    expiresAt: string
    ipAddress?: string
    userAgent?: string
    createdAt: string
    updatedAt: string
  }
  user: {
    id: string
    name: string
    email: string
    emailVerified: boolean
    image?: string
    isAnonymous?: boolean
    createdAt: string
    updatedAt: string
  }
}

export type BetterAuthUser = NonNullable<
  Awaited<ReturnType<typeof auth.api.getSession<boolean>>>
>['user']

rateLimit: {
  enabled: env.NEXT_PUBLIC_MODE === 'test' ? false : true,
}

experimental: {
  authInterrupts: true,
}

import { nextCookies } from 'better-auth/next-js'

plugins: [
  nextCookies(),
  // ... other plugins
]

import { getServerSession } from '@/src/lib/auth/server'
import { redirect } from 'next/navigation'

export default async function ProtectedPage() {
  const { user } = await getServerSession()
  
  if (!user) {
    redirect('/login')
  }
  
  if (user.isAnonymous) {
    redirect('/sign-up?message=account_required')
  }
  
  // Protected content
  return <Dashboard user={user} />
}

import { getServerSession } from '@/src/lib/auth/server'
import { NextResponse } from 'next/server'

export async function GET() {
  const { user } = await getServerSession()
  
  if (!user) {
    return NextResponse.json(
      { error: 'Unauthorized' },
      { status: 401 }
    )
  }
  
  // Protected API logic
  return NextResponse.json({ data: 'sensitive data' })
}

import getDatabase from '@/database/Database'
import { db_knowledgeCheck } from '@/database/drizzle/schema'
import { eq, or } from 'drizzle-orm'

const db = await getDatabase()
const check = await db.query.db_knowledgeCheck.findFirst({
  where: eq(db_knowledgeCheck.id, checkId),
})

if (check.owner_id !== user.id) {
  // Check if user is a collaborator
  const isCollaborator = await db.query.db_userContributesToKnowledgeCheck.findFirst({
    where: and(
      eq(db_userContributesToKnowledgeCheck.userId, user.id),
      eq(db_userContributesToKnowledgeCheck.knowledgecheckId, checkId)
    ),
  })
  
  if (!isCollaborator) {
    throw new Error('Unauthorized')
  }
}

import _logger from '@/src/lib/log/Logger'

const logger = _logger.createModuleLogger(
  '/' + import.meta.url.split('/').reverse().slice(0, 2).reverse().join('/')!
)

logger.info(`Anonymous user linked to: '${newUser.user.email}'`)
logger.error('Failed to transfer data from anonymous user', error)

# GitHub OAuth (optional)
AUTH_GITHUB_ID=
AUTH_GITHUB_SECRET=

# Google OAuth (optional)
AUTH_GOOGLE_ID=
AUTH_GOOGLE_SECRET=

# Dex OAuth (optional)
DEX_CLIENT_ID=
DEX_CLIENT_SECRET=
DEX_PROVIDER_URL=

# Database (required)
DATABASE_HOST=
DATABASE_PORT=
DATABASE_NAME=
DATABASE_USER=
DATABASE_PASSWORD=

# Mode
NEXT_PUBLIC_MODE=development # or production, test