implement better-auth auth with postgres and route protection

2026-02-24 13:32:43 -05:00
parent fd168f607c
commit 52a4ab38d3
31 changed files with 1202 additions and 89 deletions

@@ -6,6 +6,8 @@ Turbopack-first rebuild of a fiscal.ai-style terminal with OpenClaw integration.
- Next.js 16 App Router
- Turbopack for `dev` and `build`
- Better Auth (email/password, magic link, admin, organization plugins)
- PostgreSQL adapter for Better Auth
- Internal API routes (`app/api/*`)
- Durable local task engine and JSON data store
- OpenClaw/ZeroClaw analysis via OpenAI-compatible chat endpoint
@@ -19,6 +21,9 @@ npm run dev
Open [http://localhost:3000](http://localhost:3000).
Better Auth requires PostgreSQL. Set `DATABASE_URL`, `BETTER_AUTH_SECRET`, and `BETTER_AUTH_BASE_URL` in `.env.local`.
Auth tables are migrated automatically on first authenticated request.
## Production build
```bash
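Review bot: The added sentence "Auth tables are migrated automatically on first authenticated request" means the role in `DATABASE_URL` must hold schema-change privileges at runtime, and the README does not say what happens if that migration fails or if several first requests arrive at once. Please document the privileges the role needs, and consider offering an explicit migration step for deployments that prefer to run the app under a role limited to data access. Since `BETTER_AUTH_SECRET` is listed as required here, it would also help to state whether the app refuses to start when it is missing.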
@@ -34,6 +39,7 @@ docker compose up --build -d
```
For local Docker, host port mapping comes from `docker-compose.override.yml` (default `http://localhost:3000`, configurable via `APP_PORT`).
The local override also starts PostgreSQL and wires `DATABASE_URL` to `postgres://postgres:postgres@postgres:5432/fiscal_clone`.
For Coolify/remote Docker Compose, only container port `3000` is exposed internally (no fixed host port bind), avoiding host port collisions.
Runtime data persists in the `app_data` volume (`/app/data` in container).
Docker builds install the npm version from `NPM_VERSION` (default `latest`).
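Review bot: The added line documenting `postgres://postgres:postgres@postgres:5432/fiscal_clone` should say explicitly that these default superuser credentials are for the local override only. The following Coolify/remote paragraph describes port exposure but not where `DATABASE_URL` comes from in that deployment, so a reader could carry the local value over. Suggest adding a sentence that remote deployments must supply their own `DATABASE_URL` with a dedicated, non-default role and password, and stating whether the local override publishes the PostgreSQL port on the host.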
@@ -45,6 +51,11 @@ Use root `.env` or root `.env.local`:
```env
# leave blank for same-origin API
NEXT_PUBLIC_API_URL=
DATABASE_URL=postgres://postgres:postgres@localhost:5432/fiscal_clone
BETTER_AUTH_SECRET=replace-with-a-long-random-secret
BETTER_AUTH_BASE_URL=http://localhost:3000
BETTER_AUTH_ADMIN_USER_IDS=
BETTER_AUTH_TRUSTED_ORIGINS=http://localhost:3000
OPENCLAW_BASE_URL=http://localhost:4000
OPENCLAW_API_KEY=your_key
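Review bot: In the env sample, `BETTER_AUTH_SECRET=replace-with-a-long-random-secret` is a usable value if copied verbatim, and nothing here tells the reader how to produce a real one. Suggest adding a comment above it with a generation command such as `openssl rand -base64 32`, and noting that the value must differ per environment. `BETTER_AUTH_ADMIN_USER_IDS` and `BETTER_AUTH_TRUSTED_ORIGINS` also need a comment each: the expected format (single value or comma-separated list) and what an empty `BETTER_AUTH_ADMIN_USER_IDS` means for admin access. The sample `DATABASE_URL` repeats the `postgres:postgres` credentials, so mark it as a local-development value.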
@@ -56,6 +67,7 @@ If OpenClaw is unset, the app uses local fallback analysis so task workflows sti
## API surface
- `GET|POST|PATCH|PUT|DELETE /api/auth/*` (Better Auth handler)
- `GET /api/health`
- `GET /api/me`
- `GET|POST /api/watchlist`
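Review bot: The API surface list gains `/api/auth/*` but does not show which of the listed routes now require a session, even though the commit title says route protection was added. Suggest annotating each entry, for example marking `GET /api/health` as public if it is meant to stay unauthenticated and `GET /api/me` and `/api/watchlist` as session-required, and stating the response a caller gets without a valid session. That gives reviewers and API consumers a list to check the route guards against.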