implement better-auth auth with postgres and route protection
This commit is contained in:
92
lib/auth.ts
Normal file
92
lib/auth.ts
Normal file
@@ -0,0 +1,92 @@
|
||||
import { betterAuth } from 'better-auth';
|
||||
import { getMigrations } from 'better-auth/db';
|
||||
import { nextCookies } from 'better-auth/next-js';
|
||||
import { admin, magicLink, organization } from 'better-auth/plugins';
|
||||
import { Pool } from 'pg';
|
||||
|
||||
declare global {
|
||||
// eslint-disable-next-line no-var
|
||||
var __fiscalAuthPgPool: Pool | undefined;
|
||||
}
|
||||
|
||||
type BetterAuthInstance = ReturnType<typeof betterAuth>;
|
||||
|
||||
let authInstance: BetterAuthInstance | null = null;
|
||||
let migrationPromise: Promise<void> | null = null;
|
||||
|
||||
function parseCsvList(value: string | undefined) {
|
||||
return (value ?? '')
|
||||
.split(',')
|
||||
.map((entry) => entry.trim())
|
||||
.filter((entry) => entry.length > 0);
|
||||
}
|
||||
|
||||
function getPool() {
|
||||
const connectionString = process.env.DATABASE_URL?.trim();
|
||||
if (!connectionString) {
|
||||
throw new Error('DATABASE_URL is required for Better Auth PostgreSQL adapter.');
|
||||
}
|
||||
|
||||
if (!globalThis.__fiscalAuthPgPool) {
|
||||
globalThis.__fiscalAuthPgPool = new Pool({ connectionString });
|
||||
}
|
||||
|
||||
return globalThis.__fiscalAuthPgPool;
|
||||
}
|
||||
|
||||
function buildAuth() {
|
||||
const adminUserIds = parseCsvList(process.env.BETTER_AUTH_ADMIN_USER_IDS);
|
||||
const trustedOrigins = parseCsvList(process.env.BETTER_AUTH_TRUSTED_ORIGINS);
|
||||
const baseURL = process.env.BETTER_AUTH_BASE_URL?.trim()
|
||||
|| process.env.BETTER_AUTH_URL?.trim()
|
||||
|| undefined;
|
||||
const secret = process.env.BETTER_AUTH_SECRET?.trim() || undefined;
|
||||
|
||||
return betterAuth({
|
||||
database: getPool(),
|
||||
baseURL,
|
||||
secret,
|
||||
emailAndPassword: {
|
||||
enabled: true
|
||||
},
|
||||
trustedOrigins: trustedOrigins.length > 0 ? trustedOrigins : undefined,
|
||||
plugins: [
|
||||
admin(adminUserIds.length > 0 ? { adminUserIds } : undefined),
|
||||
magicLink({
|
||||
sendMagicLink: async ({ email, url }) => {
|
||||
console.info(`[better-auth] Magic link requested for ${email}: ${url}`);
|
||||
}
|
||||
}),
|
||||
organization(),
|
||||
nextCookies()
|
||||
]
|
||||
});
|
||||
}
|
||||
|
||||
export function getAuth() {
|
||||
if (!authInstance) {
|
||||
authInstance = buildAuth();
|
||||
}
|
||||
|
||||
return authInstance;
|
||||
}
|
||||
|
||||
export async function ensureAuthSchema() {
|
||||
const auth = getAuth();
|
||||
|
||||
if (!migrationPromise) {
|
||||
migrationPromise = (async () => {
|
||||
const { runMigrations } = await getMigrations(auth.options);
|
||||
await runMigrations();
|
||||
})();
|
||||
}
|
||||
|
||||
try {
|
||||
await migrationPromise;
|
||||
} catch (error) {
|
||||
migrationPromise = null;
|
||||
throw error;
|
||||
}
|
||||
|
||||
return auth;
|
||||
}
|
||||
Reference in New Issue
Block a user