diff --git a/.changeset/fix-custom-session-disable-refresh.md b/.changeset/fix-custom-session-disable-refresh.md
new file mode 100644
index 0000000000..b5ef6171e1
--- /dev/null
+++ b/.changeset/fix-custom-session-disable-refresh.md
@@ -0,0 +1,5 @@
+---
+"better-auth": patch
+---
+
+fix(custom-session): use coerced boolean for disableRefresh query param validation
diff --git a/packages/better-auth/src/plugins/custom-session/custom-session.test.ts b/packages/better-auth/src/plugins/custom-session/custom-session.test.ts
index d6a87efb5b..2bdf617559 100644
--- a/packages/better-auth/src/plugins/custom-session/custom-session.test.ts
+++ b/packages/better-auth/src/plugins/custom-session/custom-session.test.ts
@@ -214,6 +214,19 @@ describe("Custom Session Plugin Tests", async () => {
 });
 });
+ /**
+ * @see https://github.com/better-auth/better-auth/issues/9195
+ */
+ it("should accept disableRefresh as a query string without validation error", async () => {
+ const { headers } = await signInWithTestUser();
+ const session = await client.getSession({
+ query: { disableRefresh: true },
+ fetchOptions: { headers },
+ });
+ expect(session.data).not.toBeNull();
+ expect(session.error).toBeNull();
+ });
+
 it("should not comma-join Set-Cookie headers", async () => {
 const { headers } = await signInWithTestUser();
 await client.getSession({
diff --git a/packages/better-auth/src/plugins/custom-session/index.ts b/packages/better-auth/src/plugins/custom-session/index.ts
index 1ddf6a6a01..17212c12d6 100644
--- a/packages/better-auth/src/plugins/custom-session/index.ts
+++ b/packages/better-auth/src/plugins/custom-session/index.ts
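Review bot: The new test in `custom-session.test.ts` only sends `disableRefresh: true` and only asserts that no validation error comes back, so it would still pass if the shared schema parsed every non-empty string as `true`. The schema imported from `cookies/session-store` is not visible in this diff; if its coercion is `z.coerce.boolean()`, a request with `disableRefresh=false` would be read as `true` and the session would silently stop being refreshed. I would add a second case with `query: { disableRefresh: false },` and assert on the observable effect (the session is still refreshed) rather than only on `session.error`. The same check is worth having for `disableCookieCache`, since that flag decides whether the session is served from the cookie cache or fetched from the database.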
@@ -8,9 +8,9 @@ import {
 createAuthMiddleware,
 } from "@better-auth/core/api";
 import type { Session, User } from "@better-auth/core/db";
-import * as z from "zod";
 import { getSession } from "../../api";
 import { parseSetCookieHeader } from "../../cookies/cookie-utils";
+import { getSessionQuerySchema } from "../../cookies/session-store";
 import { getEndpointResponse } from "../../utils/plugin-helper";
 import { PACKAGE_VERSION } from "../../version";
@@ -22,29 +22,6 @@ declare module "@better-auth/core" {
 }
 }
-const getSessionQuerySchema = z.optional(
- z.object({
- /**
- * If cookie cache is enabled, it will disable the cache
- * and fetch the session from the database
- */
- disableCookieCache: z
- .boolean()
- .meta({
- description: "Disable cookie cache and fetch session from database",
- })
- .or(z.string().transform((v) => v === "true"))
- .optional(),
- disableRefresh: z
- .boolean()
- .meta({
- description:
- "Disable session refresh. Useful for checking session status, without updating the session",
- })
- .optional(),
- }),
-);
-
 export type CustomSessionPluginOptions = {
 /**
 * This option is used to determine if the list-device-sessions endpoint should be mutated to the custom session data.