import { generateRandomString, symmetricEncrypt } from "better-auth/crypto";
import { auth } from "@/lib/auth";
function getCSVData(csv: string) {
const lines = csv.split("\n").filter((l) => l.trim());
const headers = lines[0]?.split(",").map((h) => h.trim()) ?? [];
return lines.slice(1).map((line) => {
const values = line.split(",").map((v) => v.trim());
return headers.reduce(
(obj, header, i) => ({ ...obj, [header]: values[i] ?? "" }),
{} as Record<string, string>,
);
});
}
async function getClerkUsers(total: number) {
const users: any[] = [];
for (let offset = 0; offset < total; offset += 500) {
const res = await fetch(
`https://api.clerk.com/v1/users?offset=${offset}&limit=500`,
{ headers: { Authorization: `Bearer ${process.env.CLERK_SECRET_KEY}` } },
);
if (!res.ok) throw new Error(`Clerk API error: ${res.statusText}`);
users.push(...(await res.json()));
}
return users;
}
async function generateBackupCodes(secret: string) {
const codes = Array.from({ length: 10 }).map(() => {
const s = generateRandomString(10, "a-z", "0-9", "A-Z");
return `${s.slice(0, 5)}-${s.slice(5)}`;
});
return symmetricEncrypt({ data: JSON.stringify(codes), key: secret });
}
function safeDate(ts?: number): Date {
if (!ts) return new Date();
const d = new Date(ts);
const y = d.getFullYear();
return isNaN(d.getTime()) || y < 2000 || y > 2100 ? new Date() : d;
}
async function migrate() {
const csv = await Bun.file("exported_users.csv").text();
const csvData = getCSVData(csv);
const clerkUsers = await getClerkUsers(csvData.length);
const ctx = await auth.$context;
const hasAdmin = ctx.options?.plugins?.some((p) => p.id === "admin");
const has2FA = ctx.options?.plugins?.some((p) => p.id === "two-factor");
const hasUsername = ctx.options?.plugins?.some((p) => p.id === "username");
const hasPhone = ctx.options?.plugins?.some((p) => p.id === "phone-number");
for (const row of csvData) {
const clerk = clerkUsers.find((u) => u.id === row.id);
const user = await ctx.adapter
.create({
model: "user",
data: {
id: row.id,
email: row.primary_email_address,
emailVerified: row.verified_email_addresses.length > 0,
name: `${row.first_name} ${row.last_name}`,
image: clerk?.image_url,
createdAt: safeDate(clerk?.created_at),
updatedAt: safeDate(clerk?.updated_at),
...(hasAdmin ? { banned: clerk?.banned, role: "user" } : {}),
...(has2FA ? { twoFactorEnabled: clerk?.two_factor_enabled } : {}),
...(hasUsername ? { username: row.username } : {}),
...(hasPhone
? {
phoneNumber: row.primary_phone_number,
phoneNumberVerified: row.verified_phone_numbers.length > 0,
}
: {}),
},
forceAllowId: true,
})
.catch(() =>
ctx.adapter.findOne({
model: "user",
where: [{ field: "id", value: row.id }],
}),
);
for (const acct of clerk?.external_accounts ?? []) {
await ctx.adapter.create({
model: "account",
data: {
id: acct.id,
userId: user?.id,
providerId:
acct.provider === "credential"
? acct.provider
: acct.provider.replace("oauth_", ""),
accountId: acct.provider_user_id,
scope: acct.approved_scopes,
createdAt: safeDate(acct.created_at),
updatedAt: safeDate(acct.updated_at),
...(acct.provider === "credential"
? { password: row.password_digest }
: {}),
},
forceAllowId: true,
});
}
if (has2FA && row.totp_secret) {
await ctx.adapter.create({
model: "twoFactor",
data: {
userId: user?.id,
secret: row.totp_secret,
backupCodes: await generateBackupCodes(row.totp_secret),
},
});
}
}
console.log(`Migrated ${csvData.length} users.`);
}
migrate().catch((e) => {
console.error(e);
process.exit(1);
});
