Remove social auth and stabilize email/password flow

backend/src/auth.ts

@@ -2,23 +2,20 @@ import { betterAuth } from "better-auth";
 import { Pool } from "pg";
 
 const defaultDatabaseUrl = `postgres://${process.env.POSTGRES_USER || 'postgres'}:${process.env.POSTGRES_PASSWORD || 'postgres'}@${process.env.POSTGRES_HOST || 'localhost'}:5432/${process.env.POSTGRES_DB || 'fiscal'}`;
+const defaultFrontendUrl = process.env.FRONTEND_URL || 'http://localhost:3000';
+const trustedOrigins = defaultFrontendUrl
+  .split(',')
+  .map((origin) => origin.trim())
+  .filter(Boolean);
 
 export const auth = betterAuth({
   database: new Pool({
     connectionString: process.env.DATABASE_URL || defaultDatabaseUrl,
   }),
+  trustedOrigins,
   emailAndPassword: {
     enabled: true,
-  },
-  socialProviders: {
-    github: {
-      clientId: process.env.GITHUB_ID as string,
-      clientSecret: process.env.GITHUB_SECRET as string,
-    },
-    google: {
-      clientId: process.env.GOOGLE_ID as string,
-      clientSecret: process.env.GOOGLE_SECRET as string,
-    },
+    autoSignIn: true,
   },
   user: {
     modelName: "users",

backend/src/index.ts

@@ -12,11 +12,13 @@ import { openclawRoutes } from './routes/openclaw';
 import { watchlistRoutes } from './routes/watchlist';
 import { betterAuthRoutes } from './routes/better-auth';
 
+const frontendOrigin = process.env.FRONTEND_URL || 'http://localhost:3000';
+
 const app = new Elysia({
   prefix: '/api'
 })
   .use(cors({
-    origin: '*',
+    origin: frontendOrigin,
     credentials: true,
     methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
   }))

backend/src/routes/better-auth.ts

@@ -2,6 +2,6 @@ import { Elysia } from 'elysia';
 import { auth } from '../auth';
 
 export const betterAuthRoutes = new Elysia()
-  .all('/api/auth/*', async ({ request }) => {
+  .all('/auth/*', async ({ request }) => {
     return auth.handler(request);
   });