update(reverify): docs and code to be up-to-date

Author: ping-maxwell

apps/docs/content/docs/plugins/reverify.mdx

@@ -1,23 +1,19 @@
 ---
 title: Reverify
-description: Prompt the user to re-verify their identity by providing a form of authentication for revalidation.
+description: Prompt the user to re-verify their identity by providing their password for revalidation.
 ---
 
 <StatsBadge npmPackage="@better-auth-kit/reverify" />
 <GithubButton url="https://github.com/ping-maxwell/better-auth-kit/tree/main/packages/plugins/reverify" />
 <NpmButton url="https://www.npmjs.com/package/@better-auth-kit/reverify" />
 
-<Callout type="warn">
-  #### This plugin is in Beta
-  This plugin only supports password verification which returns a `valid` boolean, and does not support extending the current session yet.
-  This will be added in a future release.
-</Callout>
-
-If a user's session is not fresh, critical actions (e.g. deleting their account) will not be allowed.
-You would have to terminate their session, force them to sign-in again, and then be able to perform the action.
-Depending on your application, this may not be the best user experience. In some cases, routes can be protected and only accessible to active sessions. By terminating a session and making them sign-in, they're redirected to the login page and may not even know what happened.
+The purpose of this plugin is to allow the user to re-verify their identity without modifying their current session.
+An example use case is before deleting an API key, you would want to re-verify the user's
+identity to ensure they are the one deleting the key.
 
-Using Reverify, you can prompt the user to re-verify their identity without logging them out or terminating their current session.
+<Callout>
+  This plugin is not for the purpose of refreshing a session, if you want to refresh a session you can use any of the sign-in related methods.
+</Callout>
 
 <Steps>
   <Step>
@@ -76,13 +72,4 @@ Using Reverify, you can prompt the user to re-verify their identity without logg
   </Step>
 </Steps>
 
-<div className="h-10" />
-
-<Callout>
-There are future plans to add more forms of authentication to reverify, such as:
-
-- Phone number verification
-- Magic link & Email OTP verification
-- 2FA verification
-- Passkey verification
-</Callout>
+<div className="h-10" />

bun.lock

@@ -1,6 +1,6 @@
 {
 	"name": "@better-auth-kit/reverify",
-	"version": "0.2.0",
+	"version": "1.0.1",
 	"description": "Prompt the user to re-verify their identity by providing a form of authentication for revalidation.",
 	"type": "module",
 	"repository": {
@@ -29,11 +29,12 @@
 	"license": "MIT",
 	"devDependencies": {
 		"@better-auth-kit/internal-build": "workspace:*",
+		"@better-auth-kit/internal-utils": "workspace:*",
 		"vitest": "^3.0.8",
 		"@better-auth-kit/tests": "workspace:*"
 	},
 	"peerDependencies": {
-		"better-auth": "^1.1.21"
+		"better-auth": "^1.2.8"
 	},
 	"publishConfig": {
 		"access": "public"

packages/plugins/reverify/package.json

@@ -5,6 +5,7 @@ import {
 	sessionMiddleware,
 } from "better-auth/api";
 import { z } from "zod";
+import { tryCatch } from "@better-auth-kit/internal-utils";
 
 export const reverify = () => {
 	return {
@@ -21,22 +22,26 @@ export const reverify = () => {
 				},
 				async (ctx) => {
 					const session = ctx.context.session;
-					let validPassword = false;
-					try {
-						validPassword = await ctx.context.password.checkPassword(
-							session.user.id,
-							ctx,
+
+					const { data: validPassword, error } = await tryCatch(
+						ctx.context.password.checkPassword(session.user.id, ctx),
+					);
+
+					if (error) {
+						logger.error(
+							`[Better-Auth-Kit: Reverify] Error checking password`,
+							error,
 						);
-					} catch (error: unknown) {
-						logger.error(`[Reverify] Error checking password`, error);
 						if (
 							error instanceof APIError &&
 							error?.body?.code === "INVALID_PASSWORD"
 						) {
-							logger.info(`[Reverify] Password is invalid`);
-							return ctx.json({ valid: false });
+							logger.info(`[Better-Auth-Kit: Reverify] Password is invalid`);
+							return ctx.json({ valid: false, newSession: null });
 						}
-						throw error;
+						throw new APIError("INTERNAL_SERVER_ERROR", {
+							message: "Something went wrong while checking the password",
+						});
 					}
 
 					return ctx.json({ valid: validPassword });