管理员

管理员插件为您的应用程序提供了一套用户管理的管理功能。它允许管理员执行各种操作，如创建用户、管理用户角色、禁止/解禁用户、模拟用户身份等。

安装

在您的 auth 配置中添加插件

使用管理员插件时，将其添加到您的 auth 配置中。

auth.ts

import { betterAuth } from "better-auth"
import { admin } from "better-auth/plugins"

export const auth = betterAuth({
    // ... 其他配置选项
    plugins: [
        admin() 
    ]
})

Migrate the database

Run the migration or generate the schema to add the necessary fields and tables to the database.

npx auth migrate

npx auth generate

See the Schema section to add the fields manually.

添加客户端插件

接下来，在您的身份验证客户端实例中包含管理员客户端插件。

auth-client.ts

import { createAuthClient } from "better-auth/client"
import { adminClient } from "better-auth/client/plugins"

export const authClient = createAuthClient({
    plugins: [
        adminClient()  
    ]
})

使用

在执行任何管理员操作之前，用户必须使用管理员帐户进行身份验证。管理员是指分配了 admin 角色的任何用户，或者其 ID 包含在 adminUserIds 选项中的任何用户。

创建用户

允许管理员创建新用户。

POST/admin/create-user

const { data: newUser, error } = await authClient.admin.createUser({
    email: "user@example.com", // required
    password: "some-secure-password", // required
    name: "James Smith", // required
    role: "user",
    data: { customField: "customValue" },
});

const { data: newUser, error } = await authClient.admin.createUser({    email: "user@example.com", // required    password: "some-secure-password", // required    name: "James Smith", // required    role: "user",    data: { customField: "customValue" },});

Parameters

emailstringrequired

The email of the user.

passwordstringrequired

The password of the user.

namestringrequired

The name of the user.

rolestring | string[]

A string or array of strings representing the roles to apply to the new user.

dataRecord<string, any>

Extra fields for the user. Including custom additional fields.

POST/admin/create-user

const newUser = await auth.api.createUser({
    body: {
        email: "user@example.com", // required
        password: "some-secure-password", // required
        name: "James Smith", // required
        role: "user",
        data: { customField: "customValue" },
    },
});

const newUser = await auth.api.createUser({    body: {        email: "user@example.com", // required        password: "some-secure-password", // required        name: "James Smith", // required        role: "user",        data: { customField: "customValue" },    },});

Parameters

emailstringrequired

The email of the user.

passwordstringrequired

The password of the user.

namestringrequired

The name of the user.

rolestring | string[]

A string or array of strings representing the roles to apply to the new user.

dataRecord<string, any>

Extra fields for the user. Including custom additional fields.

列出用户

允许管理员列出数据库中所有用户。

GET/admin/list-users

Notes

All properties are optional to configure. By default, 100 rows are returned, you can configure this by the limit property.

const { data: users, error } = await authClient.admin.listUsers({
    query: {
        searchValue: "some name",
        searchField: "name",
        searchOperator: "contains",
        limit: 100,
        offset: 100,
        sortBy: "name",
        sortDirection: "desc",
        filterField: "email",
        filterValue: "hello@example.com",
        filterOperator: "eq",
    },
});

const { data: users, error } = await authClient.admin.listUsers({    query: {        searchValue: "some name",        searchField: "name",        searchOperator: "contains",        limit: 100,        offset: 100,        sortBy: "name",        sortDirection: "desc",        filterField: "email",        filterValue: "hello@example.com",        filterOperator: "eq",    },});

Parameters

searchValuestring

The value to search for.

searchField"email" | "name"

The field to search in, defaults to email. Can be email or name.

searchOperator"contains" | "starts_with" | "ends_with"

The operator to use for the search. Can be contains, starts_with or ends_with.

limitstring | number

The number of users to return. Defaults to 100.

offsetstring | number

The offset to start from.

sortBystring

The field to sort by.

sortDirection"asc" | "desc"

The direction to sort by.

filterFieldstring

The field to filter by.

filterValuestring | number | boolean | string[] | number[]

The value to filter by.

filterOperator"eq" | "ne" | "lt" | "lte" | "gt" | "gte" | "in" | "not_in" | "contains" | "starts_with" | "ends_with"

The operator to use for the filter.

GET/admin/list-users

Notes

All properties are optional to configure. By default, 100 rows are returned, you can configure this by the limit property.

const users = await auth.api.listUsers({
    query: {
        searchValue: "some name",
        searchField: "name",
        searchOperator: "contains",
        limit: 100,
        offset: 100,
        sortBy: "name",
        sortDirection: "desc",
        filterField: "email",
        filterValue: "hello@example.com",
        filterOperator: "eq",
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const users = await auth.api.listUsers({    query: {        searchValue: "some name",        searchField: "name",        searchOperator: "contains",        limit: 100,        offset: 100,        sortBy: "name",        sortDirection: "desc",        filterField: "email",        filterValue: "hello@example.com",        filterOperator: "eq",    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

searchValuestring

The value to search for.

searchField"email" | "name"

The field to search in, defaults to email. Can be email or name.

searchOperator"contains" | "starts_with" | "ends_with"

The operator to use for the search. Can be contains, starts_with or ends_with.

limitstring | number

The number of users to return. Defaults to 100.

offsetstring | number

The offset to start from.

sortBystring

The field to sort by.

sortDirection"asc" | "desc"

The direction to sort by.

filterFieldstring

The field to filter by.

filterValuestring | number | boolean | string[] | number[]

The value to filter by.

filterOperator"eq" | "ne" | "lt" | "lte" | "gt" | "gte" | "in" | "not_in" | "contains" | "starts_with" | "ends_with"

The operator to use for the filter.

Query Filtering

listUsers 支持多种过滤操作符，包括 eq、contains、starts_with 和 ends_with。

分页

listUsers 函数支持分页，响应中会返回用户列表和元数据。返回字段如下：

{
  users: User[],   // 返回的用户数组
  total: number,   // 过滤和搜索后用户总数
  limit: number | undefined,   // 查询中提供的 limit
  offset: number | undefined   // 查询中提供的 offset
}

如何实现分页

使用 total、limit 和 offset 计算：

Total pages: Math.ceil(total / limit)
Current page: (offset / limit) + 1
Next page offset: Math.min(offset + limit, (total - 1)) – The value to use as offset for the next page, ensuring it does not exceed the total number of pages.
Previous page offset: Math.max(0, offset - limit) – The value to use as offset for the previous page (ensuring it doesn’t go below zero).

示例用法

获取第二页，每页 10 个用户：

import { authClient } from "@/lib/auth-client";

const pageSize = 10;
const currentPage = 2;

const users = await authClient.admin.listUsers({
    query: {
        limit: pageSize,
        offset: (currentPage - 1) * pageSize
    }
});

const totalUsers = users.total;
const totalPages = Math.ceil(totalUsers / pageSize)

获取用户

通过 ID 获取用户信息。

GET/admin/get-user

const { data, error } = await authClient.admin.getUser({
    query: {
        id: "user-id", // required
    },
});

const { data, error } = await authClient.admin.getUser({    query: {        id: "user-id", // required    },});

Parameters

idstringrequired

The id of the user you want to fetch.

GET/admin/get-user

const data = await auth.api.getUser({
    query: {
        id: "user-id", // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const data = await auth.api.getUser({    query: {        id: "user-id", // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

idstringrequired

The id of the user you want to fetch.

Returns

On success, data contains the user object. On failure, error is populated by code, message, status, and statusText.

type GetUserResponse = {
  data: User | null;
  error: null | {
    message: string;
    status: number; // HTTP 状态码
    statusText: string;
    code: string;
}

设置用户角色

更改用户角色。

POST/admin/set-role

const { data, error } = await authClient.admin.setRole({
    userId: "user-id",
    role: "admin", // required
});

const { data, error } = await authClient.admin.setRole({    userId: "user-id",    role: "admin", // required});

Parameters

userIdstring

The user id which you want to set the role for.

rolestring | string[]required

The role to set, this can be a string or an array of strings.

POST/admin/set-role

const data = await auth.api.setRole({
    body: {
        userId: "user-id",
        role: "admin", // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const data = await auth.api.setRole({    body: {        userId: "user-id",        role: "admin", // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

userIdstring

The user id which you want to set the role for.

rolestring | string[]required

The role to set, this can be a string or an array of strings.

设置用户密码

更改用户密码。

POST/admin/set-user-password

const { data, error } = await authClient.admin.setUserPassword({
    newPassword: 'new-password', // required
    userId: 'user-id', // required
});

const { data, error } = await authClient.admin.setUserPassword({    newPassword: 'new-password', // required    userId: 'user-id', // required});

Parameters

newPasswordstringrequired

The new password.

userIdstringrequired

The user id which you want to set the password for.

POST/admin/set-user-password

const data = await auth.api.setUserPassword({
    body: {
        newPassword: 'new-password', // required
        userId: 'user-id', // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const data = await auth.api.setUserPassword({    body: {        newPassword: 'new-password', // required        userId: 'user-id', // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

newPasswordstringrequired

The new password.

userIdstringrequired

The user id which you want to set the password for.

更新用户

更新用户详情。

POST/admin/update-user

const { data, error } = await authClient.admin.updateUser({
    userId: "user-id", // required
    data: { name: "John Doe" }, // required
});

const { data, error } = await authClient.admin.updateUser({    userId: "user-id", // required    data: { name: "John Doe" }, // required});

Parameters

userIdstringrequired

The user id which you want to update.

dataRecord<string, any>required

The data to update.

POST/admin/update-user

const data = await auth.api.adminUpdateUser({
    body: {
        userId: "user-id", // required
        data: { name: "John Doe" }, // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const data = await auth.api.adminUpdateUser({    body: {        userId: "user-id", // required        data: { name: "John Doe" }, // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

userIdstringrequired

The user id which you want to update.

dataRecord<string, any>required

The data to update.

禁止用户

POST/admin/ban-user

await authClient.admin.banUser({
    userId: "user-id", // required
    banReason: "Spamming",
    banExpiresIn: 60 * 60 * 24 * 7,
});

await authClient.admin.banUser({    userId: "user-id", // required    banReason: "Spamming",    banExpiresIn: 60 * 60 * 24 * 7,});

Parameters

userIdstringrequired

The user id which you want to ban.

banReasonstring

The reason for the ban.

banExpiresInnumber

The number of seconds until the ban expires. If not provided, the ban will never expire.

POST/admin/ban-user

await auth.api.banUser({
    body: {
        userId: "user-id", // required
        banReason: "Spamming",
        banExpiresIn: 60 * 60 * 24 * 7,
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

await auth.api.banUser({    body: {        userId: "user-id", // required        banReason: "Spamming",        banExpiresIn: 60 * 60 * 24 * 7,    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

userIdstringrequired

The user id which you want to ban.

banReasonstring

The reason for the ban.

banExpiresInnumber

The number of seconds until the ban expires. If not provided, the ban will never expire.

解禁用户

解除用户禁止状态，允许用户重新登录。

POST/admin/unban-user

await authClient.admin.unbanUser({
    userId: "user-id", // required
});

await authClient.admin.unbanUser({    userId: "user-id", // required});

Parameters

userIdstringrequired

The user id which you want to unban.

POST/admin/unban-user

await auth.api.unbanUser({
    body: {
        userId: "user-id", // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

await auth.api.unbanUser({    body: {        userId: "user-id", // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

userIdstringrequired

The user id which you want to unban.

列出用户会话

列出用户所有会话。

POST/admin/list-user-sessions

const { data, error } = await authClient.admin.listUserSessions({
    userId: "user-id", // required
});

const { data, error } = await authClient.admin.listUserSessions({    userId: "user-id", // required});

Parameters

userIdstringrequired

The user id.

POST/admin/list-user-sessions

const data = await auth.api.listUserSessions({
    body: {
        userId: "user-id", // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const data = await auth.api.listUserSessions({    body: {        userId: "user-id", // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

userIdstringrequired

The user id.

撤销用户会话

POST/admin/revoke-user-session

const { data, error } = await authClient.admin.revokeUserSession({
    sessionToken: "session_token_here", // required
});

const { data, error } = await authClient.admin.revokeUserSession({    sessionToken: "session_token_here", // required});

Parameters

sessionTokenstringrequired

The session token which you want to revoke.

POST/admin/revoke-user-session

const data = await auth.api.revokeUserSession({
    body: {
        sessionToken: "session_token_here", // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const data = await auth.api.revokeUserSession({    body: {        sessionToken: "session_token_here", // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

sessionTokenstringrequired

The session token which you want to revoke.

撤销用户所有会话

撤销用户的所有会话。

POST/admin/revoke-user-sessions

const { data, error } = await authClient.admin.revokeUserSessions({
    userId: "user-id", // required
});

const { data, error } = await authClient.admin.revokeUserSessions({    userId: "user-id", // required});

Parameters

userIdstringrequired

The user id which you want to revoke all sessions for.

POST/admin/revoke-user-sessions

const data = await auth.api.revokeUserSessions({
    body: {
        userId: "user-id", // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const data = await auth.api.revokeUserSessions({    body: {        userId: "user-id", // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

userIdstringrequired

The user id which you want to revoke all sessions for.

模拟用户

此功能允许管理员创建一个模拟指定用户的会话。该会话将在浏览器会话结束或达到 1 小时后失效。您可以通过设置 impersonationSessionDuration 选项更改此时长。

POST/admin/impersonate-user

const { data, error } = await authClient.admin.impersonateUser({
    userId: "user-id", // required
});

const { data, error } = await authClient.admin.impersonateUser({    userId: "user-id", // required});

Parameters

userIdstringrequired

The user id which you want to impersonate.

POST/admin/impersonate-user

const data = await auth.api.impersonateUser({
    body: {
        userId: "user-id", // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const data = await auth.api.impersonateUser({    body: {        userId: "user-id", // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

userIdstringrequired

The user id which you want to impersonate.

默认情况下，管理员不能模拟其他管理员用户。若要允许此操作，请为角色授予 impersonate-admins 权限：

auth.ts

const superAdmin = ac.newRole({
  ...adminAc.statements,
  user: ["impersonate-admins", ...adminAc.statements.user],
});

旧版选项 allowImpersonatingAdmins 仍受支持，但已弃用，将在未来版本中移除。

停止模拟用户

停止模拟用户，继续使用管理员账号。

POST/admin/stop-impersonating

await authClient.admin.stopImpersonating();

await authClient.admin.stopImpersonating();

POST/admin/stop-impersonating

await auth.api.stopImpersonating({
    // This endpoint requires session cookies.
    headers: await headers(),
});

await auth.api.stopImpersonating({    // This endpoint requires session cookies.    headers: await headers(),});

删除用户

从数据库中彻底删除用户。

POST/admin/remove-user

const { data: deletedUser, error } = await authClient.admin.removeUser({
    userId: "user-id", // required
});

const { data: deletedUser, error } = await authClient.admin.removeUser({    userId: "user-id", // required});

Parameters

userIdstringrequired

The user id which you want to remove.

POST/admin/remove-user

const deletedUser = await auth.api.removeUser({
    body: {
        userId: "user-id", // required
    },
    // This endpoint requires session cookies.
    headers: await headers(),
});

const deletedUser = await auth.api.removeUser({    body: {        userId: "user-id", // required    },    // This endpoint requires session cookies.    headers: await headers(),});

Parameters

userIdstringrequired

The user id which you want to remove.

访问控制

管理员插件提供了高度灵活的访问控制系统，允许您基于用户角色管理权限。您可以定义自定义权限集以满足需求。

角色

默认情况下，有两个角色：

admin：具有管理员角色的用户对其他用户拥有完全控制权。

user：具有用户角色的用户对其他用户无任何控制权。

一个用户可以拥有多个角色。多个角色以逗号（","）分隔字符串存储。

权限

默认情况下，有两个资源及最多六种权限。

user: create list set-role ban impersonate impersonate-admins delete set-password

session: list revoke delete

拥有管理员角色的用户对所有资源和操作拥有完全控制权。拥有用户角色的用户对任何操作均无控制权。

You first need to create an access controller by calling the createAccessControl function and passing the statement object. The statement object should have the resource name as the key and the array of actions as the value.

permissions.ts

import { createAccessControl } from "better-auth/plugins/access";

/**
 * 确保使用 `as const`，以便 TypeScript 正确推断类型
 */
const statement = { 
    project: ["create", "share", "update", "delete"], 
} as const; 

const ac = createAccessControl(statement);

为减小包体积，请确保从 better-auth/plugins/access 导入，而非 better-auth/plugins。

Create Roles

创建完访问控制器后，即可为定义的权限创建角色。

permissions.ts

import { createAccessControl } from "better-auth/plugins/access";

export const statement = {
    project: ["create", "share", "update", "delete"], // <-- 创建角色可用的权限
} as const;

export const ac = createAccessControl(statement);

export const user = ac.newRole({ 
    project: ["create"], 
}); 

export const admin = ac.newRole({ 
    project: ["create", "update"], 
}); 

export const myCustomRole = ac.newRole({ 
    project: ["create", "update", "delete"], 
    user: ["ban"], 
});

When you create custom roles for existing roles, the predefined permissions for those roles will be overridden. To add the existing permissions to the custom role, you need to import defaultStatements and merge it with your new statement, plus merge the roles' permissions set with the default roles.

permissions.ts

import { createAccessControl } from "better-auth/plugins/access";
import { defaultStatements, adminAc } from "better-auth/plugins/admin/access";

const statement = {
    ...defaultStatements, 
    project: ["create", "share", "update", "delete"],
} as const;

const ac = createAccessControl(statement);

const admin = ac.newRole({
    project: ["create", "update"],
    ...adminAc.statements, 
});

Pass Roles to the Plugin

Once you have created the roles you can pass them to the admin plugin both on the client and the server.

auth.ts

import { betterAuth } from "better-auth"
import { admin as adminPlugin } from "better-auth/plugins"
import { ac, admin, user } from "@/auth/permissions"

export const auth = betterAuth({
    plugins: [
        adminPlugin({
            ac,
            roles: {
                admin,
                user,
                myCustomRole
            }
        }),
    ],
});

You also need to pass the access controller and the roles to the client plugin.

auth-client.ts

import { createAuthClient } from "better-auth/client"
import { adminClient } from "better-auth/client/plugins"
import { ac, admin, user, myCustomRole } from "@/auth/permissions"

export const client = createAuthClient({
    plugins: [
        adminClient({
            ac,
            roles: {
                admin,
                user,
                myCustomRole
            }
        })
    ]
})

访问控制用法

拥有权限：

POST/admin/has-permission

const { data, error } = await authClient.admin.hasPermission({
    userId: "user-id",
    permission: { "project": ["create", "update"] } /* Must use this, or permissions */,
    permissions,
});

const { data, error } = await authClient.admin.hasPermission({    userId: "user-id",    permission: { "project": ["create", "update"] } /* Must use this, or permissions */,    permissions,});

Parameters

userIdstring

The user id which you want to check the permissions for.

permissionRecord<string, string[]>

Optionally check if a single permission is granted. Must use this, or permissions.

permissionsRecord<string, string[]>

Optionally check if multiple permissions are granted. Must use this, or permission.

POST/admin/has-permission

const data = await auth.api.userHasPermission({
    body: {
        userId: "user-id",
        role: "admin", // server-only
        permission: { "project": ["create", "update"] } /* Must use this, or permissions */,
        permissions,
    },
});

const data = await auth.api.userHasPermission({    body: {        userId: "user-id",        role: "admin", // server-only        permission: { "project": ["create", "update"] } /* Must use this, or permissions */,        permissions,    },});

Parameters

userIdstring

The user id which you want to check the permissions for.

rolestringserver

Check role permissions.

permissionRecord<string, string[]>

Optionally check if a single permission is granted. Must use this, or permissions.

permissionsRecord<string, string[]>

Optionally check if multiple permissions are granted. Must use this, or permission.

示例用法：

import { authClient } from "@/lib/auth-client";

const canCreateProject = await authClient.admin.hasPermission({
  permissions: {
    project: ["create"],
  },
});

// 也可以同时检查多个资源权限
const canCreateProjectAndCreateSale = await authClient.admin.hasPermission({
  permissions: {
    project: ["create"],
    sale: ["create"]
  },
});

If you want to check a user's permissions server-side, you can use the userHasPermission action provided by the api to check the user's permissions.

permission.ts

import { auth } from "@/lib/auth"

await auth.api.userHasPermission({
  body: {
    userId: 'id', // 用户 id
    permissions: {
      project: ["create"], // 必须匹配访问控制中的结构
    },
  },
});

// 也可以直接传递角色
await auth.api.userHasPermission({
  body: {
   role: "admin",
    permissions: {
      project: ["create"], // 必须匹配访问控制中的结构
    },
  },
});

// 也可以同时检查多个资源权限
await auth.api.userHasPermission({
  body: {
   role: "admin",
    permissions: {
      project: ["create"], // 必须匹配访问控制中的结构
      sale: ["create"]
    },
  },
});

Check Role Permission:

注意此函数不会直接检查当前登录用户权限，而是检查指定角色拥有哪些权限。该函数为同步函数，调用时无需 await。

import { authClient } from "@/lib/auth-client";

const canCreateProject = authClient.admin.checkRolePermission({
  permissions: {
    user: ["delete"],
  },
  role: "admin",
});

// 也可以同时检查多个资源权限
const canDeleteUserAndRevokeSession = authClient.admin.checkRolePermission({
  permissions: {
    user: ["delete"],
    session: ["revoke"]
  },
  role: "admin",
});

架构

该插件为 user 表添加以下字段：

Table

字段

类型

键

描述

role ?

string

The user's role. Defaults to `user`. Admins will have the `admin` role.

banned ?

boolean

Indicates whether the user is banned.

banReason ?

string

The reason for the user's ban.

banExpires ?

date

The date when the user's ban will expire.

并在 session 表中添加一个字段：

Table

字段

类型

键

描述

impersonatedBy ?

string

The ID of the admin that is impersonating this session.

电子邮件枚举保护

如果您使用电子邮件枚举保护（requireEmailVerification 或 autoSignIn: false），您需要配置 customSyntheticUser，在伪造的注册响应中包含管理员插件字段：

auth.ts

export const auth = betterAuth({
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: true,
    customSyntheticUser: ({ coreFields, additionalFields, id }) => ({
      ...coreFields,
      // 管理员插件字段（按架构顺序）
      role: "user", // 或您配置的 defaultRole
      banned: false,
      banReason: null,
      banExpires: null,
      ...additionalFields,
      id,
    }),
  },
  plugins: [admin()],
});

选项

默认角色

用户的默认角色。默认为 user。

auth.ts

admin({
  defaultRole: "regular",
});

Admin Roles

管理员角色

指定哪些角色被视为管理员角色。默认为 ["admin"]。自定义角色（例如 superadmin）必须在自定义访问控制中定义。

auth.ts

admin({
  // 需要在自定义访问控制中的 `roles` 里定义 `superadmin`
  adminRoles: ["admin", "superadmin"],
});

Note: The adminRoles option is not required when using custom access control (via ac and roles). When you define custom roles with specific permissions, those roles will have exactly the permissions you grant them through the access control system.

Warning: When not using custom access control, only admin and user exist as valid roles. Any role that isn't in the adminRoles list will not be able to perform admin operations.

管理员用户 ID

您可以传入一个管理员用户 ID 数组，默认为 []

auth.ts

admin({
    adminUserIds: ["user_id_1", "user_id_2"]
})

如果用户 ID 在 adminUserIds 列表中，他们将能执行任何管理员操作。

impersonationSessionDuration

模拟会话的持续时长，单位秒。默认为 1 小时。

auth.ts

admin({
  impersonationSessionDuration: 60 * 60 * 24, // 1 天
});

默认禁止原因

管理员创建用户时的默认禁止原因。默认为 No reason。

auth.ts

admin({
  defaultBanReason: "Spamming",
});

默认禁止过期时间

管理员创建用户时的默认禁止过期时间，单位秒。默认为 undefined（即禁止永不过期）。

auth.ts

admin({
  defaultBanExpiresIn: 60 * 60 * 24, // 1 天
});

禁止用户消息

禁止用户尝试登录时显示的消息。默认为 "You have been banned from this application. Please contact support if you believe this is an error."

auth.ts

admin({
  bannedUserMessage: "自定义禁止用户提示信息",
});

On this page