Improve type safety and ID generation robustness

Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>

Author: Copilot

src/adapter/index.ts

@@ -15,6 +15,23 @@ export interface ObjectQLAdapterConfig {
   ql: ObjectQLClient;
 }
 
+/**
+ * Generate a unique ID for entities
+ * Prefers crypto.randomUUID, falls back to timestamp-based ID
+ */
+function generateId(): string {
+  // Try crypto.randomUUID first (available in modern runtimes)
+  if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+    return crypto.randomUUID();
+  }
+  
+  // Fallback: timestamp + random number + counter for better uniqueness
+  const timestamp = Date.now().toString(36);
+  const random = Math.random().toString(36).substring(2, 15);
+  const counter = (Math.random() * 1000000).toString(36);
+  return `${timestamp}-${random}-${counter}`;
+}
+
 export function createObjectQLAdapter(config: ObjectQLAdapterConfig): Adapter {
   const { ql } = config;
 
@@ -180,7 +197,7 @@ export function createObjectQLAdapter(config: ObjectQLAdapterConfig): Adapter {
     async createVerificationToken(data: AdapterVerificationToken): Promise<AdapterVerificationToken> {
       const token = await ql.entity('VerificationToken').create({
         data: {
-          id: data.id || crypto.randomUUID?.() || `${Date.now()}-${Math.random()}`,
+          id: data.id || generateId(),
           identifier: data.identifier,
           token: data.token,
           expiresAt: data.expiresAt,

src/index.ts

@@ -122,7 +122,7 @@ export function createAuthPlugin(config: AuthPluginConfig = {}): ObjectStackPlug
 }
 
 // Re-export key types and utilities
-export type { ObjectStackAuthServerConfig } from './server/index.js';
+export type { ObjectStackAuthServerConfig, ObjectOSPermissions } from './server/index.js';
 export type { ObjectStackSession } from './server/index.js';
 export { createAuthServer, getSession } from './server/index.js';
 
@@ -159,6 +159,7 @@ export type {
   PasswordResetConfirm,
   EmailVerification,
   AuthErrorCode,
+  ObjectOSPermissions,
 } from './types.js';
 export { AuthError } from './types.js';
 

src/server/index.ts

@@ -3,6 +3,12 @@ import type { BetterAuthOptions } from 'better-auth';
 import type { ObjectQLClient } from '@objectstack/ql';
 import { createObjectQLAdapter } from '../adapter/index.js';
 
+/**
+ * ObjectOS Permissions type
+ * Can be customized based on your RBAC implementation
+ */
+export type ObjectOSPermissions = string[] | Record<string, boolean> | null;
+
 /**
  * Server-side configuration for ObjectStack Auth Plugin
  */
@@ -11,9 +17,9 @@ export interface ObjectStackAuthServerConfig {
   secret?: string;
   baseURL?: string;
   trustedOrigins?: string[];
-  emailProvider?: any; // Better-Auth email provider
-  socialProviders?: any[]; // Better-Auth social providers
-  onGetPermissions?: (userId: string) => Promise<any>;
+  emailProvider?: BetterAuthOptions['emailAndPassword'];
+  socialProviders?: BetterAuthOptions['socialProviders'];
+  onGetPermissions?: (userId: string) => Promise<ObjectOSPermissions>;
 }
 
 /**
@@ -137,7 +143,7 @@ export interface ObjectStackSession {
     name?: string;
     image?: string;
     emailVerified: boolean;
-    permissions?: any; // ObjectOS permissions
+    permissions?: ObjectOSPermissions;
   };
   session: {
     id: string;

src/types.ts

@@ -61,11 +61,17 @@ export interface VerificationToken {
   updatedAt: Date;
 }
 
+/**
+ * ObjectOS Permissions
+ * Can be an array of permission strings or a map of permissions to boolean values
+ */
+export type ObjectOSPermissions = string[] | Record<string, boolean> | null;
+
 /**
  * Extended user with ObjectOS permissions
  */
 export interface UserWithPermissions extends User {
-  permissions?: string[] | null;
+  permissions?: ObjectOSPermissions;
 }
 
 /**