From cae7cbb98fbd6f6f698bf40fc622bddf795dc1ce Mon Sep 17 00:00:00 2001
From: francy51 <francesco12382@gmail.com>
Date: Sat, 21 Feb 2026 23:16:16 -0500
Subject: [PATCH] Remove social auth and stabilize email/password flow

---
 .env.example                      |  5 +--
 backend/src/auth.ts               | 17 ++++----
 backend/src/index.ts              |  4 +-
 backend/src/routes/better-auth.ts |  2 +-
 docker-compose.yml                |  1 +
 frontend/app/auth/signin/page.tsx | 70 ++++++++-----------------------
 frontend/app/auth/signup/page.tsx | 19 +++++++--
 7 files changed, 46 insertions(+), 72 deletions(-)

diff --git a/.env.example b/.env.example
index 666c4f3..8f9bde5 100644
--- a/.env.example
+++ b/.env.example
@@ -11,10 +11,7 @@ NODE_ENV=development
 JWT_SECRET=change-this-to-a-random-secret-key
 BETTER_AUTH_SECRET=change-this-to-a-random-secret-key
 BETTER_AUTH_BASE_URL=http://localhost:3001
-GITHUB_ID=
-GITHUB_SECRET=
-GOOGLE_ID=
-GOOGLE_SECRET=
+FRONTEND_URL=http://localhost:3000
 
 # Frontend
 NEXT_PUBLIC_API_URL=http://localhost:3001
diff --git a/backend/src/auth.ts b/backend/src/auth.ts
index 669182b..bad2327 100644
--- a/backend/src/auth.ts
+++ b/backend/src/auth.ts
@@ -2,23 +2,20 @@ import { betterAuth } from "better-auth";
 import { Pool } from "pg";
 
 const defaultDatabaseUrl = `postgres://${process.env.POSTGRES_USER || 'postgres'}:${process.env.POSTGRES_PASSWORD || 'postgres'}@${process.env.POSTGRES_HOST || 'localhost'}:5432/${process.env.POSTGRES_DB || 'fiscal'}`;
+const defaultFrontendUrl = process.env.FRONTEND_URL || 'http://localhost:3000';
+const trustedOrigins = defaultFrontendUrl
+  .split(',')
+  .map((origin) => origin.trim())
+  .filter(Boolean);
 
 export const auth = betterAuth({
   database: new Pool({
     connectionString: process.env.DATABASE_URL || defaultDatabaseUrl,
   }),
+  trustedOrigins,
   emailAndPassword: {
     enabled: true,
-  },
-  socialProviders: {
-    github: {
-      clientId: process.env.GITHUB_ID as string,
-      clientSecret: process.env.GITHUB_SECRET as string,
-    },
-    google: {
-      clientId: process.env.GOOGLE_ID as string,
-      clientSecret: process.env.GOOGLE_SECRET as string,
-    },
+    autoSignIn: true,
   },
   user: {
     modelName: "users",
diff --git a/backend/src/index.ts b/backend/src/index.ts
index ec176cf..25fec57 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -12,11 +12,13 @@ import { openclawRoutes } from './routes/openclaw';
 import { watchlistRoutes } from './routes/watchlist';
 import { betterAuthRoutes } from './routes/better-auth';
 
+const frontendOrigin = process.env.FRONTEND_URL || 'http://localhost:3000';
+
 const app = new Elysia({
   prefix: '/api'
 })
   .use(cors({
-    origin: '*',
+    origin: frontendOrigin,
     credentials: true,
     methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
   }))
diff --git a/backend/src/routes/better-auth.ts b/backend/src/routes/better-auth.ts
index e08232b..f3944f0 100644
--- a/backend/src/routes/better-auth.ts
+++ b/backend/src/routes/better-auth.ts
@@ -2,6 +2,6 @@ import { Elysia } from 'elysia';
 import { auth } from '../auth';
 
 export const betterAuthRoutes = new Elysia()
-  .all('/api/auth/*', async ({ request }) => {
+  .all('/auth/*', async ({ request }) => {
     return auth.handler(request);
   });
diff --git a/docker-compose.yml b/docker-compose.yml
index 9cb3b3a..cc96064 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -32,6 +32,7 @@ services:
       POSTGRES_HOST: postgres
       BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:-local-dev-better-auth-secret-change-me}
       BETTER_AUTH_BASE_URL: ${BETTER_AUTH_BASE_URL:-http://localhost:3001}
+      FRONTEND_URL: ${FRONTEND_URL:-http://localhost:3000}
     expose:
       - "3001"
     depends_on:
diff --git a/frontend/app/auth/signin/page.tsx b/frontend/app/auth/signin/page.tsx
index e140078..1c660a9 100644
--- a/frontend/app/auth/signin/page.tsx
+++ b/frontend/app/auth/signin/page.tsx
@@ -1,14 +1,24 @@
 'use client';
 
-import { signIn } from '@/lib/better-auth';
-import { useState } from 'react';
+import { signIn, useSession } from '@/lib/better-auth';
+import { useRouter } from 'next/navigation';
+import { useEffect, useState } from 'react';
 
 export default function SignIn() {
+  const { data: session, isPending: sessionPending } = useSession();
+  const router = useRouter();
+
   const [email, setEmail] = useState('');
   const [password, setPassword] = useState('');
   const [loading, setLoading] = useState(false);
   const [error, setError] = useState('');
 
+  useEffect(() => {
+    if (!sessionPending && session?.user) {
+      router.replace('/');
+    }
+  }, [sessionPending, session, router]);
+
   const handleCredentialsLogin = async (e: React.FormEvent) => {
     e.preventDefault();
     setLoading(true);
@@ -22,9 +32,11 @@ export default function SignIn() {
 
       if (result.error) {
         setError(result.error.message || 'Invalid credentials');
-      } else {
-        window.location.href = '/';
+        return;
       }
+
+      router.replace('/');
+      router.refresh();
     } catch (err) {
       setError('Login failed');
     } finally {
@@ -32,17 +44,6 @@ export default function SignIn() {
     }
   };
 
-  const handleSocialSignIn = async (provider: 'github' | 'google') => {
-    try {
-      await signIn.social({
-        provider,
-        callbackURL: '/',
-      });
-    } catch (err) {
-      setError(`Failed to sign in with ${provider}`);
-    }
-  };
-
   return (
     <div className="min-h-screen bg-gradient-to-br from-slate-900 to-slate-800 flex items-center justify-center p-4">
       <div className="max-w-md w-full bg-slate-800/50 rounded-lg p-8 border border-slate-700">
@@ -89,50 +90,15 @@ export default function SignIn() {
 
           <button
             type="submit"
-            disabled={loading}
+            disabled={loading || sessionPending}
             className="w-full bg-gradient-to-r from-blue-500 to-purple-500 hover:from-blue-600 hover:to-purple-600 text-white font-semibold py-3 rounded-lg transition disabled:opacity-50 disabled:cursor-not-allowed"
           >
             {loading ? 'Signing in...' : 'Sign In'}
           </button>
         </form>
 
-        <div className="mt-6">
-          <div className="relative">
-            <div className="absolute inset-0 flex items-center">
-              <div className="w-full border-t border-slate-600"></div>
-            </div>
-            <div className="relative flex justify-center text-sm">
-              <span className="px-2 bg-slate-800 text-slate-400">Or continue with</span>
-            </div>
-          </div>
-        </div>
-
-        <div className="mt-6 grid grid-cols-2 gap-4">
-          <button
-            onClick={() => handleSocialSignIn('github')}
-            className="bg-slate-700 hover:bg-slate-600 text-white font-semibold py-3 rounded-lg transition flex items-center justify-center gap-2"
-          >
-            <svg className="w-5 h-5" fill="currentColor" viewBox="0 0 24 24">
-              <path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546 1.377-1.333 1.377-1.333 1.06 0 1.783.591 1.783.591.266 0 .494-.107.68-.297.107-.297.469-.936.469-1.684 0-1.251-1.006-2.261-2.261-2.261-.965 0-1.757.781-1.757 1.753 0 .286.08.526.212.743.265.265.265.673 0 .995-.265.323-.646.454-.646.454-.323 0-.543-.181-.699-.468-.156-.287-.234-.744-.234-1.364v-2.261c-3.37.726-4.148-1.417-4.148-1.417-.557 1.39-1.353 1.39-1.353 1.073 0 1.814.603 1.814.603.277 0 .516-.111.728-.296.212-.185.313-.61.313-1.303 0-1.258-1.018-2.274-2.274-2.274-.984 0-1.796.802-1.796 1.796 0 .29.095.536.26.758.26.26.26.669 0 .996-.266.327-.649.457-.649.457-.33 0-.556-.186-.713-.48-.157-.293-.236-.767-.236-1.404v-2.279c-3.404.741-4.242-1.447-4.242-1.447-.569 1.416-1.379 1.416-1.379 1.084 0 1.829.616 1.829.616.283 0 .523-.113.742-.301.22-.188.327-.626.327-1.323 0-1.265-1.03-2.29-2.29-2.29-1.006 0-1.831.825-1.831 1.831 0 .294.099.543.277.767.277.277.277.693 0 1.004-.27.311-.663.437-.663.437-.34 0-.571-.197-.736-.506-.165-.31-.248-.794-.248-1.447v-2.293c-3.432.748-4.338-1.48-4.338-1.48-.583 1.44-1.404 1.44-1.404 1.095 0 1.846.629 1.846.629.29 0 .537-.116.76-.308.223-.192.34-.648.34-1.35 0-1.271-1.044-2.304-2.304-2.304-1.029 0-1.867.839-1.867 1.867 0 .298.102.55.286.775.286.286.286.718 0 1.039-.278.316-.682.443-.682.443-.349 0-.597-.204-.761-.523-.165-.32-.248-.825-.248-1.491v-2.307c-3.462.756-4.432-1.514-4.432-1.514-.597 1.463-1.431 1.463-1.431 1.105 0 1.864.64 1.864.64.297 0 .55-.119.774-.313.224-.193.353-.672.353-1.377 0-1.277-1.059-2.318-2.318-2.318-1.053 0-1.904.865-1.904 1.904 0 .302.105.557.297.786.297.297.297.741 0 1.075-.284.32-.716.447-.716.447-.358 0-.622-.211-.788-.549-.167-.338-.25-.858-.25-1.536v-2.322c-3.49.764-4.525-1.549-4.525-1.549-.611 1.487-1.457 1.487-1.457 1.116 0 1.882.651 1.882.651.303 0 .562-.123.792-.319.23-.196.361-.696.361-1.405 0-1.283-1.074-2.332-2.332-2.332-1.078 0-1.94.881-1.94 1.94 0 .306.107.567.303.798.303.303.303.763 0 1.111-.29.325-.75.452-.75.452-.367 0-.646-.219-.814-.575-.168-.357-.254-.891-.254-1.582v-2.336c-3.52.772-4.617-1.585-4.617-1.585-.625 1.511-1.484 1.511-1.484 1.127 0 1.9.663 1.9.663.309 0 .574-.127.81-.326.236-.199.368-.721.368-1.432 0-1.29-1.089-2.346-2.346-2.346-1.103 0-1.976.904-1.976 1.976 0 .31.109.579.31.81.31.31.31.784 0 1.147-.298.331-.783.457-.783.457-.376 0-.67-.227-.842-.602-.172-.376-.259-.923-.259-1.628v-2.35z"/>
-            </svg>
-            GitHub
-          </button>
-          <button
-            onClick={() => handleSocialSignIn('google')}
-            className="bg-slate-700 hover:bg-slate-600 text-white font-semibold py-3 rounded-lg transition flex items-center justify-center gap-2"
-          >
-            <svg className="w-5 h-5" viewBox="0 0 24 24">
-              <path fill="currentColor" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"/>
-              <path fill="currentColor" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/>
-              <path fill="currentColor" d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/>
-              <path fill="currentColor" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/>
-            </svg>
-            Google
-          </button>
-        </div>
-
         <p className="mt-8 text-center text-sm text-slate-400">
-          Don't have an account?{' '}
+          Don&apos;t have an account?{' '}
           <a href="/auth/signup" className="text-blue-400 hover:text-blue-300">
             Sign up
           </a>
diff --git a/frontend/app/auth/signup/page.tsx b/frontend/app/auth/signup/page.tsx
index 5f861e6..282f617 100644
--- a/frontend/app/auth/signup/page.tsx
+++ b/frontend/app/auth/signup/page.tsx
@@ -1,15 +1,25 @@
 'use client';
 
-import { signUp } from '@/lib/better-auth';
-import { useState } from 'react';
+import { signUp, useSession } from '@/lib/better-auth';
+import { useRouter } from 'next/navigation';
+import { useEffect, useState } from 'react';
 
 export default function SignUp() {
+  const { data: session, isPending: sessionPending } = useSession();
+  const router = useRouter();
+
   const [name, setName] = useState('');
   const [email, setEmail] = useState('');
   const [password, setPassword] = useState('');
   const [loading, setLoading] = useState(false);
   const [error, setError] = useState('');
 
+  useEffect(() => {
+    if (!sessionPending && session?.user) {
+      router.replace('/');
+    }
+  }, [sessionPending, session, router]);
+
   const handleSignUp = async (e: React.FormEvent) => {
     e.preventDefault();
     setLoading(true);
@@ -25,7 +35,8 @@ export default function SignUp() {
       if (result.error) {
         setError(result.error.message || 'Sign up failed');
       } else {
-        window.location.href = '/';
+        router.replace('/');
+        router.refresh();
       }
     } catch (err) {
       setError('Sign up failed');
@@ -94,7 +105,7 @@ export default function SignUp() {
 
           <button
             type="submit"
-            disabled={loading}
+            disabled={loading || sessionPending}
             className="w-full bg-gradient-to-r from-blue-500 to-purple-500 hover:from-blue-600 hover:to-purple-600 text-white font-semibold py-3 rounded-lg transition disabled:opacity-50 disabled:cursor-not-allowed"
           >
             {loading ? 'Creating account...' : 'Sign Up'}