feat: Migrate from NextAuth to Better Auth

Backend changes:
- Add better-auth and pg packages
- Create Better Auth instance with PostgreSQL adapter
- Add Better Auth route handler at /api/auth/*
- Create migration script for Better Auth database schema
- Update main index to use Better Auth routes instead of custom auth
- Configure email/password and OAuth (GitHub/Google) providers

Frontend changes:
- Add better-auth client
- Create Better Auth client instance configuration
- Update lib/auth.ts to use Better Auth session
- Rewrite sign-in page with Better Auth methods
- Rewrite sign-up page with Better Auth methods
- Remove NextAuth route handler

Documentation:
- Add comprehensive migration guide with setup instructions
- Document environment variables and API endpoints
- Include testing checklist and rollback plan

Benefits:
- Unified authentication for both Elysia backend and Next.js frontend
- Database-backed sessions (more secure than JWT)
- Better TypeScript support
- Extensible plugin system for future features
- Active development and frequent updates

BETTER_AUTH_MIGRATION.md

@@ -0,0 +1,174 @@
+# Better Auth Migration
+
+## Overview
+Migrated from NextAuth v5 (beta) to Better Auth for unified authentication across both Elysia (backend) and Next.js (frontend).
+
+## Backend Changes
+
+### Installation
+- Added `better-auth@1.4.18` package
+- Added `pg@8.18.0` for PostgreSQL connection pool
+
+### New Files
+- `backend/src/auth.ts` - Better Auth instance configuration
+- `backend/src/routes/better-auth.ts` - Route handler for auth endpoints
+- `backend/src/better-auth-migrate.ts` - Database migration script
+
+### Modified Files
+- `backend/src/index.ts` - Replaced custom auth routes with Better Auth routes
+- Removed custom JWT-based authentication routes (`backend/src/routes/auth.ts` can be deleted after migration)
+
+### Database Schema
+New tables added:
+- `session` - Session management
+- `account` - OAuth/credential account storage
+- `verification` - Email verification tokens
+
+Existing `users` table extended with:
+- `email_verified` (BOOLEAN)
+- `image` (TEXT)
+
+### Migration Steps
+1. Run the migration script:
+   ```bash
+   cd backend
+   bun run src/better-auth-migrate.ts
+   ```
+
+2. Set environment variables:
+   ```env
+   BETTER_AUTH_SECRET=<generate with: openssl rand -base64 32>
+   BETTER_AUTH_URL=http://localhost:3001
+   ```
+
+## Frontend Changes
+
+### Installation
+- Added `better-auth` package (includes React client)
+
+### New Files
+- `frontend/lib/better-auth.ts` - Better Auth client instance
+
+### Modified Files
+- `frontend/lib/auth.ts` - Updated to use Better Auth session
+- `frontend/app/auth/signin/page.tsx` - Updated to use Better Auth methods
+- `frontend/app/auth/signup/page.tsx` - Updated to use Better Auth methods
+- Removed `frontend/app/api/auth/[...nextauth]/route.ts` - No longer needed
+
+### Authentication Methods
+Better Auth supports:
+- Email/password (`signIn.email`, `signUp.email`)
+- OAuth providers (`signIn.social`):
+  - GitHub (`signIn.social({ provider: 'github' })`)
+  - Google (`signIn.social({ provider: 'google' })`)
+
+### Session Management
+```typescript
+import { useSession } from '@/lib/better-auth';
+
+// In client components
+const { data: session } = useSession();
+```
+
+```typescript
+import { authClient } from '@/lib/better-auth';
+
+// In server components
+const { data: session } = await authClient.getSession();
+```
+
+## Environment Variables
+
+### Required
+```env
+# Backend
+DATABASE_URL=postgres://user:password@localhost:5432/fiscal
+BETTER_AUTH_SECRET=<32+ character random string>
+BETTER_AUTH_URL=http://localhost:3001
+
+# OAuth Providers
+GITHUB_ID=<your github client id>
+GITHUB_SECRET=<your github client secret>
+GOOGLE_ID=<your google client id>
+GOOGLE_SECRET=<your google client secret>
+
+# Frontend
+NEXT_PUBLIC_API_URL=http://localhost:3001
+```
+
+## API Endpoints
+
+Better Auth provides these endpoints automatically (mounted at `/api/auth/*`):
+
+### Email/Password
+- `POST /api/auth/sign-up/email` - Sign up with email
+- `POST /api/auth/sign-in/email` - Sign in with email
+- `GET /api/auth/get-session` - Get current session
+- `POST /api/auth/sign-out` - Sign out
+
+### OAuth
+- `GET /api/auth/sign-in/social` - Initiate OAuth flow
+- `GET /api/auth/callback/*` - OAuth callback handler
+
+### Session
+- `GET /api/auth/get-session` - Get current session
+- `POST /api/auth/update-session` - Update session data
+
+## Key Differences from NextAuth
+
+### NextAuth
+- Configuration in route handler (`app/api/auth/[...nextauth]/route.ts`)
+- Server-side session management with JWT
+- Custom callback for session/user data
+- Requires `signIn()` and `signOut()` from `next-auth/react`
+
+### Better Auth
+- Configuration in separate file (`backend/src/auth.ts`)
+- Server and client components unified API
+- Built-in session management with database storage
+- `signIn.email`, `signIn.social`, `signOut` from `better-auth/react`
+- Direct database access for user/session data
+
+## Testing Checklist
+
+- [ ] Run database migration: `bun run src/better-auth-migrate.ts`
+- [ ] Start backend server
+- [ ] Test email/password signup
+- [ ] Test email/password login
+- [ ] Test GitHub OAuth
+- [ ] Test Google OAuth
+- [ ] Test sign out
+- [ ] Test protected routes redirect to sign in
+- [ ] Test session persistence across page refreshes
+
+## Rollback Plan
+
+If issues arise, revert to NextAuth:
+1. Restore `frontend/app/api/auth/[...nextauth]/route.ts`
+2. Restore `frontend/app/auth/signin/page.tsx` and `frontend/app/auth/signup/page.tsx`
+3. Restore `frontend/lib/auth.ts`
+4. Remove `backend/src/auth.ts` and `backend/src/routes/better-auth.ts`
+5. Restore custom auth routes in backend
+
+## Benefits of Better Auth
+
+1. **Unified Auth** - Single auth system for both backend and frontend
+2. **Type Safety** - Better TypeScript support
+3. **Database-Backed Sessions** - More secure than JWT
+4. **Extensible** - Plugin system for 2FA, email verification, etc.
+5. **Active Development** - More frequent updates and improvements
+6. **Framework Agnostic** - Works with any backend framework
+
+## Future Improvements
+
+1. Enable email verification (Better Auth plugin)
+2. Add two-factor authentication (Better Auth plugin)
+3. Implement account management (password reset, email change)
+4. Add session management UI (view active sessions, revoke)
+5. Implement role-based access control (Better Auth plugin)
+
+## Resources
+
+- Better Auth Docs: https://www.better-auth.com/
+- Better Auth GitHub: https://github.com/better-auth/better-auth
+- Migration Guide: https://www.better-auth.com/docs/migration

backend/bun.lock

@@ -0,0 +1,198 @@
+{
+  "lockfileVersion": 1,
+  "configVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "fiscal-backend",
+      "dependencies": {
+        "@elysiajs/cors": "^1.4.1",
+        "@elysiajs/swagger": "^1.3.1",
+        "bcryptjs": "^3.0.3",
+        "better-auth": "^1.4.18",
+        "dotenv": "^17.3.1",
+        "elysia": "^1.4.25",
+        "jsonwebtoken": "^9.0.3",
+        "pg": "^8.18.0",
+        "postgres": "^3.4.8",
+        "zod": "^4.3.6",
+      },
+      "devDependencies": {
+        "@types/bcryptjs": "^3.0.0",
+        "@types/jsonwebtoken": "^9.0.10",
+        "@types/pg": "^8.16.0",
+        "bun-types": "latest",
+      },
+    },
+  },
+  "packages": {
+    "@better-auth/core": ["@better-auth/core@1.4.18", "", { "dependencies": { "@standard-schema/spec": "^1.0.0", "zod": "^4.3.5" }, "peerDependencies": { "@better-auth/utils": "0.3.0", "@better-fetch/fetch": "1.1.21", "better-call": "1.1.8", "jose": "^6.1.0", "kysely": "^0.28.5", "nanostores": "^1.0.1" } }, "sha512-q+awYgC7nkLEBdx2sW0iJjkzgSHlIxGnOpsN1r/O1+a4m7osJNHtfK2mKJSL1I+GfNyIlxJF8WvD/NLuYMpmcg=="],
+
+    "@better-auth/telemetry": ["@better-auth/telemetry@1.4.18", "", { "dependencies": { "@better-auth/utils": "0.3.0", "@better-fetch/fetch": "1.1.21" }, "peerDependencies": { "@better-auth/core": "1.4.18" } }, "sha512-e5rDF8S4j3Um/0LIVATL2in9dL4lfO2fr2v1Wio4qTMRbfxqnUDTa+6SZtwdeJrbc4O+a3c+IyIpjG9Q/6GpfQ=="],
+
+    "@better-auth/utils": ["@better-auth/utils@0.3.0", "", {}, "sha512-W+Adw6ZA6mgvnSnhOki270rwJ42t4XzSK6YWGF//BbVXL6SwCLWfyzBc1lN2m/4RM28KubdBKQ4X5VMoLRNPQw=="],
+
+    "@better-fetch/fetch": ["@better-fetch/fetch@1.1.21", "", {}, "sha512-/ImESw0sskqlVR94jB+5+Pxjf+xBwDZF/N5+y2/q4EqD7IARUTSpPfIo8uf39SYpCxyOCtbyYpUrZ3F/k0zT4A=="],
+
+    "@borewit/text-codec": ["@borewit/text-codec@0.2.1", "", {}, "sha512-k7vvKPbf7J2fZ5klGRD9AeKfUvojuZIQ3BT5u7Jfv+puwXkUBUT5PVyMDfJZpy30CBDXGMgw7fguK/lpOMBvgw=="],
+
+    "@elysiajs/cors": ["@elysiajs/cors@1.4.1", "", { "peerDependencies": { "elysia": ">= 1.4.0" } }, "sha512-lQfad+F3r4mNwsxRKbXyJB8Jg43oAOXjRwn7sKUL6bcOW3KjUqUimTS+woNpO97efpzjtDE0tEjGk9DTw8lqTQ=="],
+
+    "@elysiajs/swagger": ["@elysiajs/swagger@1.3.1", "", { "dependencies": { "@scalar/themes": "^0.9.52", "@scalar/types": "^0.0.12", "openapi-types": "^12.1.3", "pathe": "^1.1.2" }, "peerDependencies": { "elysia": ">= 1.3.0" } }, "sha512-LcbLHa0zE6FJKWPWKsIC/f+62wbDv3aXydqcNPVPyqNcaUgwvCajIi+5kHEU6GO3oXUCpzKaMsb3gsjt8sLzFQ=="],
+
+    "@noble/ciphers": ["@noble/ciphers@2.1.1", "", {}, "sha512-bysYuiVfhxNJuldNXlFEitTVdNnYUc+XNJZd7Qm2a5j1vZHgY+fazadNFWFaMK/2vye0JVlxV3gHmC0WDfAOQw=="],
+
+    "@noble/hashes": ["@noble/hashes@2.0.1", "", {}, "sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw=="],
+
+    "@scalar/openapi-types": ["@scalar/openapi-types@0.1.1", "", {}, "sha512-NMy3QNk6ytcCoPUGJH0t4NNr36OWXgZhA3ormr3TvhX1NDgoF95wFyodGVH8xiHeUyn2/FxtETm8UBLbB5xEmg=="],
+
+    "@scalar/themes": ["@scalar/themes@0.9.86", "", { "dependencies": { "@scalar/types": "0.1.7" } }, "sha512-QUHo9g5oSWi+0Lm1vJY9TaMZRau8LHg+vte7q5BVTBnu6NuQfigCaN+ouQ73FqIVd96TwMO6Db+dilK1B+9row=="],
+
+    "@scalar/types": ["@scalar/types@0.0.12", "", { "dependencies": { "@scalar/openapi-types": "0.1.1", "@unhead/schema": "^1.9.5" } }, "sha512-XYZ36lSEx87i4gDqopQlGCOkdIITHHEvgkuJFrXFATQs9zHARop0PN0g4RZYWj+ZpCUclOcaOjbCt8JGe22mnQ=="],
+
+    "@sinclair/typebox": ["@sinclair/typebox@0.34.48", "", {}, "sha512-kKJTNuK3AQOrgjjotVxMrCn1sUJwM76wMszfq1kdU4uYVJjvEWuFQ6HgvLt4Xz3fSmZlTOxJ/Ie13KnIcWQXFA=="],
+
+    "@standard-schema/spec": ["@standard-schema/spec@1.1.0", "", {}, "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w=="],
+
+    "@tokenizer/inflate": ["@tokenizer/inflate@0.4.1", "", { "dependencies": { "debug": "^4.4.3", "token-types": "^6.1.1" } }, "sha512-2mAv+8pkG6GIZiF1kNg1jAjh27IDxEPKwdGul3snfztFerfPGI1LjDezZp3i7BElXompqEtPmoPx6c2wgtWsOA=="],
+
+    "@tokenizer/token": ["@tokenizer/token@0.3.0", "", {}, "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A=="],
+
+    "@types/bcryptjs": ["@types/bcryptjs@3.0.0", "", { "dependencies": { "bcryptjs": "*" } }, "sha512-WRZOuCuaz8UcZZE4R5HXTco2goQSI2XxjGY3hbM/xDvwmqFWd4ivooImsMx65OKM6CtNKbnZ5YL+YwAwK7c1dg=="],
+
+    "@types/jsonwebtoken": ["@types/jsonwebtoken@9.0.10", "", { "dependencies": { "@types/ms": "*", "@types/node": "*" } }, "sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA=="],
+
+    "@types/ms": ["@types/ms@2.1.0", "", {}, "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA=="],
+
+    "@types/node": ["@types/node@25.3.0", "", { "dependencies": { "undici-types": "~7.18.0" } }, "sha512-4K3bqJpXpqfg2XKGK9bpDTc6xO/xoUP/RBWS7AtRMug6zZFaRekiLzjVtAoZMquxoAbzBvy5nxQ7veS5eYzf8A=="],
+
+    "@types/pg": ["@types/pg@8.16.0", "", { "dependencies": { "@types/node": "*", "pg-protocol": "*", "pg-types": "^2.2.0" } }, "sha512-RmhMd/wD+CF8Dfo+cVIy3RR5cl8CyfXQ0tGgW6XBL8L4LM/UTEbNXYRbLwU6w+CgrKBNbrQWt4FUtTfaU5jSYQ=="],
+
+    "@unhead/schema": ["@unhead/schema@1.11.20", "", { "dependencies": { "hookable": "^5.5.3", "zhead": "^2.2.4" } }, "sha512-0zWykKAaJdm+/Y7yi/Yds20PrUK7XabLe9c3IRcjnwYmSWY6z0Cr19VIs3ozCj8P+GhR+/TI2mwtGlueCEYouA=="],
+
+    "bcryptjs": ["bcryptjs@3.0.3", "", { "bin": { "bcrypt": "bin/bcrypt" } }, "sha512-GlF5wPWnSa/X5LKM1o0wz0suXIINz1iHRLvTS+sLyi7XPbe5ycmYI3DlZqVGZZtDgl4DmasFg7gOB3JYbphV5g=="],
+
+    "better-auth": ["better-auth@1.4.18", "", { "dependencies": { "@better-auth/core": "1.4.18", "@better-auth/telemetry": "1.4.18", "@better-auth/utils": "0.3.0", "@better-fetch/fetch": "1.1.21", "@noble/ciphers": "^2.0.0", "@noble/hashes": "^2.0.0", "better-call": "1.1.8", "defu": "^6.1.4", "jose": "^6.1.0", "kysely": "^0.28.5", "nanostores": "^1.0.1", "zod": "^4.3.5" }, "peerDependencies": { "@lynx-js/react": "*", "@prisma/client": "^5.0.0 || ^6.0.0 || ^7.0.0", "@sveltejs/kit": "^2.0.0", "@tanstack/react-start": "^1.0.0", "@tanstack/solid-start": "^1.0.0", "better-sqlite3": "^12.0.0", "drizzle-kit": ">=0.31.4", "drizzle-orm": ">=0.41.0", "mongodb": "^6.0.0 || ^7.0.0", "mysql2": "^3.0.0", "next": "^14.0.0 || ^15.0.0 || ^16.0.0", "pg": "^8.0.0", "prisma": "^5.0.0 || ^6.0.0 || ^7.0.0", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0", "solid-js": "^1.0.0", "svelte": "^4.0.0 || ^5.0.0", "vitest": "^2.0.0 || ^3.0.0 || ^4.0.0", "vue": "^3.0.0" }, "optionalPeers": ["@lynx-js/react", "@prisma/client", "@sveltejs/kit", "@tanstack/react-start", "@tanstack/solid-start", "better-sqlite3", "drizzle-kit", "drizzle-orm", "mongodb", "mysql2", "next", "pg", "prisma", "react", "react-dom", "solid-js", "svelte", "vitest", "vue"] }, "sha512-bnyifLWBPcYVltH3RhS7CM62MoelEqC6Q+GnZwfiDWNfepXoQZBjEvn4urcERC7NTKgKq5zNBM8rvPvRBa6xcg=="],
+
+    "better-call": ["better-call@1.1.8", "", { "dependencies": { "@better-auth/utils": "^0.3.0", "@better-fetch/fetch": "^1.1.4", "rou3": "^0.7.10", "set-cookie-parser": "^2.7.1" }, "peerDependencies": { "zod": "^4.0.0" }, "optionalPeers": ["zod"] }, "sha512-XMQ2rs6FNXasGNfMjzbyroSwKwYbZ/T3IxruSS6U2MJRsSYh3wYtG3o6H00ZlKZ/C/UPOAD97tqgQJNsxyeTXw=="],
+
+    "buffer-equal-constant-time": ["buffer-equal-constant-time@1.0.1", "", {}, "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA=="],
+
+    "bun-types": ["bun-types@1.3.9", "", { "dependencies": { "@types/node": "*" } }, "sha512-+UBWWOakIP4Tswh0Bt0QD0alpTY8cb5hvgiYeWCMet9YukHbzuruIEeXC2D7nMJPB12kbh8C7XJykSexEqGKJg=="],
+
+    "cookie": ["cookie@1.1.1", "", {}, "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ=="],
+
+    "debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
+
+    "defu": ["defu@6.1.4", "", {}, "sha512-mEQCMmwJu317oSz8CwdIOdwf3xMif1ttiM8LTufzc3g6kR+9Pe236twL8j3IYT1F7GfRgGcW6MWxzZjLIkuHIg=="],
+
+    "dotenv": ["dotenv@17.3.1", "", {}, "sha512-IO8C/dzEb6O3F9/twg6ZLXz164a2fhTnEWb95H23Dm4OuN+92NmEAlTrupP9VW6Jm3sO26tQlqyvyi4CsnY9GA=="],
+
+    "ecdsa-sig-formatter": ["ecdsa-sig-formatter@1.0.11", "", { "dependencies": { "safe-buffer": "^5.0.1" } }, "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ=="],
+
+    "elysia": ["elysia@1.4.25", "", { "dependencies": { "cookie": "^1.1.1", "exact-mirror": "^0.2.7", "fast-decode-uri-component": "^1.0.1", "memoirist": "^0.4.0" }, "peerDependencies": { "@sinclair/typebox": ">= 0.34.0 < 1", "@types/bun": ">= 1.2.0", "file-type": ">= 20.0.0", "openapi-types": ">= 12.0.0", "typescript": ">= 5.0.0" }, "optionalPeers": ["@types/bun", "typescript"] }, "sha512-liKjavH99Gpzrv9cDil6uYWmPuqESfPFV1FIaFSd3iNqo3y7e29sN43VxFIK8tWWnyi6eDAmi2SZk8hNAMQMyg=="],
+
+    "exact-mirror": ["exact-mirror@0.2.7", "", { "peerDependencies": { "@sinclair/typebox": "^0.34.15" }, "optionalPeers": ["@sinclair/typebox"] }, "sha512-+MeEmDcLA4o/vjK2zujgk+1VTxPR4hdp23qLqkWfStbECtAq9gmsvQa3LW6z/0GXZyHJobrCnmy1cdeE7BjsYg=="],
+
+    "fast-decode-uri-component": ["fast-decode-uri-component@1.0.1", "", {}, "sha512-WKgKWg5eUxvRZGwW8FvfbaH7AXSh2cL+3j5fMGzUMCxWBJ3dV3a7Wz8y2f/uQ0e3B6WmodD3oS54jTQ9HVTIIg=="],
+
+    "file-type": ["file-type@21.3.0", "", { "dependencies": { "@tokenizer/inflate": "^0.4.1", "strtok3": "^10.3.4", "token-types": "^6.1.1", "uint8array-extras": "^1.4.0" } }, "sha512-8kPJMIGz1Yt/aPEwOsrR97ZyZaD1Iqm8PClb1nYFclUCkBi0Ma5IsYNQzvSFS9ib51lWyIw5mIT9rWzI/xjpzA=="],
+
+    "hookable": ["hookable@5.5.3", "", {}, "sha512-Yc+BQe8SvoXH1643Qez1zqLRmbA5rCL+sSmk6TVos0LWVfNIB7PGncdlId77WzLGSIB5KaWgTaNTs2lNVEI6VQ=="],
+
+    "ieee754": ["ieee754@1.2.1", "", {}, "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="],
+
+    "jose": ["jose@6.1.3", "", {}, "sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ=="],
+
+    "jsonwebtoken": ["jsonwebtoken@9.0.3", "", { "dependencies": { "jws": "^4.0.1", "lodash.includes": "^4.3.0", "lodash.isboolean": "^3.0.3", "lodash.isinteger": "^4.0.4", "lodash.isnumber": "^3.0.3", "lodash.isplainobject": "^4.0.6", "lodash.isstring": "^4.0.1", "lodash.once": "^4.0.0", "ms": "^2.1.1", "semver": "^7.5.4" } }, "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g=="],
+
+    "jwa": ["jwa@2.0.1", "", { "dependencies": { "buffer-equal-constant-time": "^1.0.1", "ecdsa-sig-formatter": "1.0.11", "safe-buffer": "^5.0.1" } }, "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg=="],
+
+    "jws": ["jws@4.0.1", "", { "dependencies": { "jwa": "^2.0.1", "safe-buffer": "^5.0.1" } }, "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA=="],
+
+    "kysely": ["kysely@0.28.11", "", {}, "sha512-zpGIFg0HuoC893rIjYX1BETkVWdDnzTzF5e0kWXJFg5lE0k1/LfNWBejrcnOFu8Q2Rfq/hTDTU7XLUM8QOrpzg=="],
+
+    "lodash.includes": ["lodash.includes@4.3.0", "", {}, "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w=="],
+
+    "lodash.isboolean": ["lodash.isboolean@3.0.3", "", {}, "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg=="],
+
+    "lodash.isinteger": ["lodash.isinteger@4.0.4", "", {}, "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA=="],
+
+    "lodash.isnumber": ["lodash.isnumber@3.0.3", "", {}, "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw=="],
+
+    "lodash.isplainobject": ["lodash.isplainobject@4.0.6", "", {}, "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA=="],
+
+    "lodash.isstring": ["lodash.isstring@4.0.1", "", {}, "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw=="],
+
+    "lodash.once": ["lodash.once@4.1.1", "", {}, "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg=="],
+
+    "memoirist": ["memoirist@0.4.0", "", {}, "sha512-zxTgA0mSYELa66DimuNQDvyLq36AwDlTuVRbnQtB+VuTcKWm5Qc4z3WkSpgsFWHNhexqkIooqpv4hdcqrX5Nmg=="],
+
+    "ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
+
+    "nanoid": ["nanoid@5.1.6", "", { "bin": { "nanoid": "bin/nanoid.js" } }, "sha512-c7+7RQ+dMB5dPwwCp4ee1/iV/q2P6aK1mTZcfr1BTuVlyW9hJYiMPybJCcnBlQtuSmTIWNeazm/zqNoZSSElBg=="],
+
+    "nanostores": ["nanostores@1.1.0", "", {}, "sha512-yJBmDJr18xy47dbNVlHcgdPrulSn1nhSE6Ns9vTG+Nx9VPT6iV1MD6aQFp/t52zpf82FhLLTXAXr30NuCnxvwA=="],
+
+    "openapi-types": ["openapi-types@12.1.3", "", {}, "sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw=="],
+
+    "pathe": ["pathe@1.1.2", "", {}, "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ=="],
+
+    "pg": ["pg@8.18.0", "", { "dependencies": { "pg-connection-string": "^2.11.0", "pg-pool": "^3.11.0", "pg-protocol": "^1.11.0", "pg-types": "2.2.0", "pgpass": "1.0.5" }, "optionalDependencies": { "pg-cloudflare": "^1.3.0" }, "peerDependencies": { "pg-native": ">=3.0.1" }, "optionalPeers": ["pg-native"] }, "sha512-xqrUDL1b9MbkydY/s+VZ6v+xiMUmOUk7SS9d/1kpyQxoJ6U9AO1oIJyUWVZojbfe5Cc/oluutcgFG4L9RDP1iQ=="],
+
+    "pg-cloudflare": ["pg-cloudflare@1.3.0", "", {}, "sha512-6lswVVSztmHiRtD6I8hw4qP/nDm1EJbKMRhf3HCYaqud7frGysPv7FYJ5noZQdhQtN2xJnimfMtvQq21pdbzyQ=="],
+
+    "pg-connection-string": ["pg-connection-string@2.11.0", "", {}, "sha512-kecgoJwhOpxYU21rZjULrmrBJ698U2RxXofKVzOn5UDj61BPj/qMb7diYUR1nLScCDbrztQFl1TaQZT0t1EtzQ=="],
+
+    "pg-int8": ["pg-int8@1.0.1", "", {}, "sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw=="],
+
+    "pg-pool": ["pg-pool@3.11.0", "", { "peerDependencies": { "pg": ">=8.0" } }, "sha512-MJYfvHwtGp870aeusDh+hg9apvOe2zmpZJpyt+BMtzUWlVqbhFmMK6bOBXLBUPd7iRtIF9fZplDc7KrPN3PN7w=="],
+
+    "pg-protocol": ["pg-protocol@1.11.0", "", {}, "sha512-pfsxk2M9M3BuGgDOfuy37VNRRX3jmKgMjcvAcWqNDpZSf4cUmv8HSOl5ViRQFsfARFn0KuUQTgLxVMbNq5NW3g=="],
+
+    "pg-types": ["pg-types@2.2.0", "", { "dependencies": { "pg-int8": "1.0.1", "postgres-array": "~2.0.0", "postgres-bytea": "~1.0.0", "postgres-date": "~1.0.4", "postgres-interval": "^1.1.0" } }, "sha512-qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA=="],
+
+    "pgpass": ["pgpass@1.0.5", "", { "dependencies": { "split2": "^4.1.0" } }, "sha512-FdW9r/jQZhSeohs1Z3sI1yxFQNFvMcnmfuj4WBMUTxOrAyLMaTcE1aAMBiTlbMNaXvBCQuVi0R7hd8udDSP7ug=="],
+
+    "postgres": ["postgres@3.4.8", "", {}, "sha512-d+JFcLM17njZaOLkv6SCev7uoLaBtfK86vMUXhW1Z4glPWh4jozno9APvW/XKFJ3CCxVoC7OL38BqRydtu5nGg=="],
+
+    "postgres-array": ["postgres-array@2.0.0", "", {}, "sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA=="],
+
+    "postgres-bytea": ["postgres-bytea@1.0.1", "", {}, "sha512-5+5HqXnsZPE65IJZSMkZtURARZelel2oXUEO8rH83VS/hxH5vv1uHquPg5wZs8yMAfdv971IU+kcPUczi7NVBQ=="],
+
+    "postgres-date": ["postgres-date@1.0.7", "", {}, "sha512-suDmjLVQg78nMK2UZ454hAG+OAW+HQPZ6n++TNDUX+L0+uUlLywnoxJKDou51Zm+zTCjrCl0Nq6J9C5hP9vK/Q=="],
+
+    "postgres-interval": ["postgres-interval@1.2.0", "", { "dependencies": { "xtend": "^4.0.0" } }, "sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ=="],
+
+    "rou3": ["rou3@0.7.12", "", {}, "sha512-iFE4hLDuloSWcD7mjdCDhx2bKcIsYbtOTpfH5MHHLSKMOUyjqQXTeZVa289uuwEGEKFoE/BAPbhaU4B774nceg=="],
+
+    "safe-buffer": ["safe-buffer@5.2.1", "", {}, "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="],
+
+    "semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="],
+
+    "set-cookie-parser": ["set-cookie-parser@2.7.2", "", {}, "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw=="],
+
+    "split2": ["split2@4.2.0", "", {}, "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg=="],
+
+    "strtok3": ["strtok3@10.3.4", "", { "dependencies": { "@tokenizer/token": "^0.3.0" } }, "sha512-KIy5nylvC5le1OdaaoCJ07L+8iQzJHGH6pWDuzS+d07Cu7n1MZ2x26P8ZKIWfbK02+XIL8Mp4RkWeqdUCrDMfg=="],
+
+    "token-types": ["token-types@6.1.2", "", { "dependencies": { "@borewit/text-codec": "^0.2.1", "@tokenizer/token": "^0.3.0", "ieee754": "^1.2.1" } }, "sha512-dRXchy+C0IgK8WPC6xvCHFRIWYUbqqdEIKPaKo/AcTUNzwLTK6AH7RjdLWsEZcAN/TBdtfUw3PYEgPr5VPr6ww=="],
+
+    "type-fest": ["type-fest@4.41.0", "", {}, "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA=="],
+
+    "uint8array-extras": ["uint8array-extras@1.5.0", "", {}, "sha512-rvKSBiC5zqCCiDZ9kAOszZcDvdAHwwIKJG33Ykj43OKcWsnmcBRL09YTU4nOeHZ8Y2a7l1MgTd08SBe9A8Qj6A=="],
+
+    "undici-types": ["undici-types@7.18.2", "", {}, "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w=="],
+
+    "xtend": ["xtend@4.0.2", "", {}, "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ=="],
+
+    "zhead": ["zhead@2.2.4", "", {}, "sha512-8F0OI5dpWIA5IGG5NHUg9staDwz/ZPxZtvGVf01j7vHqSyZ0raHY+78atOVxRqb73AotX22uV1pXt3gYSstGag=="],
+
+    "zod": ["zod@4.3.6", "", {}, "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg=="],
+
+    "@scalar/themes/@scalar/types": ["@scalar/types@0.1.7", "", { "dependencies": { "@scalar/openapi-types": "0.2.0", "@unhead/schema": "^1.11.11", "nanoid": "^5.1.5", "type-fest": "^4.20.0", "zod": "^3.23.8" } }, "sha512-irIDYzTQG2KLvFbuTI8k2Pz/R4JR+zUUSykVTbEMatkzMmVFnn1VzNSMlODbadycwZunbnL2tA27AXed9URVjw=="],
+
+    "@scalar/themes/@scalar/types/@scalar/openapi-types": ["@scalar/openapi-types@0.2.0", "", { "dependencies": { "zod": "^3.23.8" } }, "sha512-waiKk12cRCqyUCWTOX0K1WEVX46+hVUK+zRPzAahDJ7G0TApvbNkuy5wx7aoUyEk++HHde0XuQnshXnt8jsddA=="],
+
+    "@scalar/themes/@scalar/types/zod": ["zod@3.25.76", "", {}, "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ=="],
+  }
+}

backend/package.json

@@ -10,13 +10,14 @@
   "dependencies": {
     "@elysiajs/cors": "^1.4.1",
     "@elysiajs/swagger": "^1.3.1",
+    "bcryptjs": "^3.0.3",
+    "better-auth": "^1.4.18",
+    "dotenv": "^17.3.1",
     "elysia": "^1.4.25",
+    "jsonwebtoken": "^9.0.3",
     "pg": "^8.18.0",
     "postgres": "^3.4.8",
-    "dotenv": "^17.3.1",
-    "zod": "^4.3.6",
-    "bcryptjs": "^3.0.3",
-    "jsonwebtoken": "^9.0.3"
+    "zod": "^4.3.6"
   },
   "devDependencies": {
     "@types/pg": "^8.16.0",

backend/src/auth.ts

@@ -0,0 +1,35 @@
+import { betterAuth } from "better-auth";
+import { Pool } from "pg";
+
+export const auth = betterAuth({
+  database: new Pool({
+    connectionString: process.env.DATABASE_URL || 'postgres://postgres:postgres@localhost:5432/fiscal',
+  }),
+  emailAndPassword: {
+    enabled: true,
+  },
+  socialProviders: {
+    github: {
+      clientId: process.env.GITHUB_ID as string,
+      clientSecret: process.env.GITHUB_SECRET as string,
+    },
+    google: {
+      clientId: process.env.GOOGLE_ID as string,
+      clientSecret: process.env.GOOGLE_SECRET as string,
+    },
+  },
+  user: {
+    modelName: "users",
+    additionalFields: {
+      name: {
+        type: "string",
+        required: false,
+      },
+    },
+  },
+  advanced: {
+    database: {
+      generateId: false, // Use PostgreSQL serial for users table
+    },
+  },
+});

backend/src/better-auth-migrate.ts

@@ -0,0 +1,109 @@
+import { db } from './db';
+
+async function migrateToBetterAuth() {
+  console.log('Migrating to Better Auth schema...');
+
+  try {
+    // Add Better Auth columns to users table
+    await db`
+      ALTER TABLE users
+      ADD COLUMN IF NOT EXISTS email_verified BOOLEAN DEFAULT FALSE
+    `;
+
+    await db`
+      ALTER TABLE users
+      ADD COLUMN IF NOT EXISTS image TEXT
+    `;
+
+    console.log('✅ Added Better Auth columns to users table');
+
+    // Create session table
+    await db`
+      CREATE TABLE IF NOT EXISTS session (
+        id TEXT PRIMARY KEY,
+        user_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
+        token TEXT NOT NULL UNIQUE,
+        expires_at TIMESTAMP NOT NULL,
+        ip_address TEXT,
+        user_agent TEXT,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+      )
+    `;
+
+    console.log('✅ Created session table');
+
+    // Create account table
+    await db`
+      CREATE TABLE IF NOT EXISTS account (
+        id TEXT PRIMARY KEY,
+        user_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
+        account_id TEXT NOT NULL,
+        provider_id TEXT NOT NULL,
+        access_token TEXT,
+        refresh_token TEXT,
+        access_token_expires_at TIMESTAMP,
+        refresh_token_expires_at TIMESTAMP,
+        scope TEXT,
+        id_token TEXT,
+        password TEXT,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        UNIQUE(user_id, provider_id, account_id)
+      )
+    `;
+
+    console.log('✅ Created account table');
+
+    // Create verification table
+    await db`
+      CREATE TABLE IF NOT EXISTS verification (
+        id TEXT PRIMARY KEY,
+        identifier TEXT NOT NULL,
+        value TEXT NOT NULL,
+        expires_at TIMESTAMP NOT NULL,
+        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+      )
+    `;
+
+    console.log('✅ Created verification table');
+
+    // Create indexes
+    await db`CREATE INDEX IF NOT EXISTS idx_session_user_id ON session(user_id)`;
+    await db`CREATE INDEX IF NOT EXISTS idx_session_token ON session(token)`;
+    await db`CREATE INDEX IF NOT EXISTS idx_session_expires_at ON session(expires_at)`;
+    await db`CREATE INDEX IF NOT EXISTS idx_account_user_id ON account(user_id)`;
+    await db`CREATE INDEX IF NOT EXISTS idx_account_provider_id ON account(provider_id)`;
+    await db`CREATE INDEX IF NOT EXISTS idx_verification_identifier ON verification(identifier)`;
+    await db`CREATE INDEX IF NOT EXISTS idx_verification_expires_at ON verification(expires_at)`;
+
+    console.log('✅ Created indexes');
+
+    // Migrate existing users to account table for credential auth
+    await db`
+      INSERT INTO account (id, user_id, account_id, provider_id, password, created_at, updated_at)
+      SELECT
+        gen_random_uuid(),
+        id,
+        id::text,
+        'credential',
+        password,
+        created_at,
+        updated_at
+      FROM users
+      WHERE password IS NOT NULL
+      ON CONFLICT DO NOTHING
+    `;
+
+    console.log('✅ Migrated existing users to account table');
+
+    console.log('✅ Better Auth migration completed!');
+    process.exit(0);
+  } catch (error) {
+    console.error('❌ Migration failed:', error);
+    process.exit(1);
+  }
+}
+
+migrateToBetterAuth();

backend/src/index.ts

@@ -9,8 +9,8 @@ import { db } from './db';
 import { filingsRoutes } from './routes/filings';
 import { portfolioRoutes } from './routes/portfolio';
 import { openclawRoutes } from './routes/openclaw';
-import { authRoutes } from './routes/auth';
 import { watchlistRoutes } from './routes/watchlist';
+import { betterAuthRoutes } from './routes/better-auth';
 
 const app = new Elysia({
   prefix: '/api'
@@ -29,7 +29,7 @@ const app = new Elysia({
       }
     }
   }))
-  .use(authRoutes)
+  .use(betterAuthRoutes)
   .use(filingsRoutes)
   .use(portfolioRoutes)
   .use(watchlistRoutes)

backend/src/routes/better-auth.ts

@@ -0,0 +1,7 @@
+import { Elysia } from 'elysia';
+import { auth } from '../auth';
+
+export const betterAuthRoutes = new Elysia()
+  .all('/api/auth/*', async ({ request }) => {
+    return auth.handler(request);
+  });

frontend/app/api/auth/[...nextauth]/route.ts

@@ -1,67 +0,0 @@
-import NextAuth from 'next-auth'
-import GitHub from 'next-auth/providers/github'
-import Google from 'next-auth/providers/google'
-import Credentials from 'next-auth/providers/credentials'
-import type { NextAuthConfig } from 'next-auth'
-
-export const config: NextAuthConfig = {
-  providers: [
-    GitHub({
-      clientId: process.env.GITHUB_ID,
-      clientSecret: process.env.GITHUB_SECRET,
-    }),
-    Google({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-    }),
-    Credentials({
-      name: 'Credentials',
-      credentials: {
-        email: { label: "Email", type: "email" },
-        password: { label: "Password", type: "password" }
-      },
-      async authorize(credentials) {
-        // Call backend API to verify credentials
-        const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/auth/login`, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(credentials)
-        })
-
-        const user = await res.json()
-        if (res.ok && user) {
-          return user
-        }
-        return null
-      }
-    })
-  ],
-  pages: {
-    signIn: '/auth/signin',
-  },
-  callbacks: {
-    async jwt({ token, user }) {
-      if (user) {
-        token.id = user.id
-        token.email = user.email
-        token.name = user.name
-      }
-      return token
-    },
-    async session({ session, token }) {
-      if (session.user) {
-        session.user.id = token.id as string
-        session.user.email = token.email as string
-      }
-      return session
-    }
-  },
-  session: {
-    strategy: 'jwt',
-    maxAge: 30 * 24 * 60 * 60, // 30 days
-  }
-}
-
-export const { handlers, auth, signIn, signOut } = NextAuth(config)
-
-export { handlers as GET, handlers as POST }

frontend/app/auth/signin/page.tsx

@@ -1,6 +1,6 @@
 'use client';
 
-import { signIn } from 'next-auth/react';
+import { signIn } from '@/lib/better-auth';
 import { useState } from 'react';
 
 export default function SignIn() {
@@ -15,14 +15,13 @@ export default function SignIn() {
     setError('');
 
     try {
-      const result = await signIn('credentials', {
+      const result = await signIn.email({
         email,
         password,
-        redirect: false
       });
 
-      if (result?.error) {
-        setError('Invalid credentials');
+      if (result.error) {
+        setError(result.error.message || 'Invalid credentials');
       } else {
         window.location.href = '/';
       }
@@ -33,6 +32,17 @@ export default function SignIn() {
     }
   };
 
+  const handleSocialSignIn = async (provider: 'github' | 'google') => {
+    try {
+      await signIn.social({
+        provider,
+        callbackURL: '/',
+      });
+    } catch (err) {
+      setError(`Failed to sign in with ${provider}`);
+    }
+  };
+
   return (
     <div className="min-h-screen bg-gradient-to-br from-slate-900 to-slate-800 flex items-center justify-center p-4">
       <div className="max-w-md w-full bg-slate-800/50 rounded-lg p-8 border border-slate-700">
@@ -99,16 +109,16 @@ export default function SignIn() {
 
         <div className="mt-6 grid grid-cols-2 gap-4">
           <button
-            onClick={() => signIn('github')}
+            onClick={() => handleSocialSignIn('github')}
             className="bg-slate-700 hover:bg-slate-600 text-white font-semibold py-3 rounded-lg transition flex items-center justify-center gap-2"
           >
             <svg className="w-5 h-5" fill="currentColor" viewBox="0 0 24 24">
-              <path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546 1.377-1.333 1.377-1.333 1.06 0 1.783.591 1.783.591.266 0 .494-.107.68-.297.107-.297.469-.936.469-1.684 0-1.251-1.006-2.261-2.261-2.261-.965 0-1.757.781-1.757 1.753 0 .286.08.526.212.743.265.265.265.265.673 0 .995-.265.323-.646.454-.646.454-.323 0-.543-.181-.699-.468-.156-.287-.234-.744-.234-1.364v-2.261c-3.37.726-4.148-1.417-4.148-1.417-.557 1.39-1.353 1.39-1.353 1.073 0 1.814.603 1.814.603.277 0 .516-.111.728-.296.212-.185.313-.61.313-1.303 0-1.258-1.018-2.274-2.274-2.274-.984 0-1.796.802-1.796 1.796 0 .29.095.536.26.758.26.26.26.669 0 .996-.266.327-.649.457-.649.457-.33 0-.556-.186-.713-.48-.157-.293-.236-.767-.236-1.404v-2.279c-3.404.741-4.242-1.447-4.242-1.447-.569 1.416-1.379 1.416-1.379 1.084 0 1.829.616 1.829.616.283 0 .523-.113.742-.301.22-.188.327-.626.327-1.323 0-1.265-1.03-2.29-2.29-2.29-1.006 0-1.831.825-1.831 1.831 0 .294.099.543.277.767.277.277.277.693 0 1.004-.27.311-.663.437-.663.437-.34 0-.571-.197-.736-.506-.165-.31-.248-.794-.248-1.447v-2.293c-3.432.748-4.338-1.48-4.338-1.48-.583 1.44-1.404 1.44-1.404 1.095 0 1.846.629 1.846.629.29 0 .537-.116.76-.308.223-.192.34-.648.34-1.35 0-1.271-1.044-2.304-2.304-2.304-1.029 0-1.867.839-1.867 1.867 0 .298.102.55.286.775.286.286.286.718 0 1.039-.278.316-.682.443-.682.443-.349 0-.597-.204-.761-.523-.165-.32-.248-.825-.248-1.491v-2.307c-3.462.756-4.432-1.514-4.432-1.514-.597 1.463-1.431 1.463-1.431 1.105 0 1.864.64 1.864.64.297 0 .55-.119.774-.313.224-.193.353-.672.353-1.377 0-1.277-1.059-2.318-2.318-2.318-1.053 0-1.904.865-1.904 1.904 0 .302.105.557.297.786.297.297.297.741 0 1.075-.284.32-.716.447-.716.447-.358 0-.622-.211-.788-.549-.167-.338-.25-.858-.25-1.536v-2.322c-3.49.764-4.525-1.549-4.525-1.549-.611 1.487-1.457 1.487-1.457 1.116 0 1.882.651 1.882.651.303 0 .562-.123.792-.319.23-.196.361-.696.361-1.405 0-1.283-1.074-2.332-2.332-2.332-1.078 0-1.94.881-1.94 1.94 0 .306.107.567.303.798.303.303.303.763 0 1.111-.29.325-.75.452-.75.452-.367 0-.646-.219-.814-.575-.168-.357-.254-.891-.254-1.582v-2.336c-3.52.772-4.617-1.585-4.617-1.585-.625 1.511-1.484 1.511-1.484 1.127 0 1.9.663 1.9.663.309 0 .574-.127.81-.326.236-.199.368-.721.368-1.432 0-1.29-1.089-2.346-2.346-2.346-1.103 0-1.976.904-1.976 1.976 0 .31.109.579.31.81.31.31.31.784 0 1.147-.298.331-.783.457-.783.457-.376 0-.67-.227-.842-.602-.172-.376-.259-.923-.259-1.628v-2.35z"/>
+              <path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546 1.377-1.333 1.377-1.333 1.06 0 1.783.591 1.783.591.266 0 .494-.107.68-.297.107-.297.469-.936.469-1.684 0-1.251-1.006-2.261-2.261-2.261-.965 0-1.757.781-1.757 1.753 0 .286.08.526.212.743.265.265.265.673 0 .995-.265.323-.646.454-.646.454-.323 0-.543-.181-.699-.468-.156-.287-.234-.744-.234-1.364v-2.261c-3.37.726-4.148-1.417-4.148-1.417-.557 1.39-1.353 1.39-1.353 1.073 0 1.814.603 1.814.603.277 0 .516-.111.728-.296.212-.185.313-.61.313-1.303 0-1.258-1.018-2.274-2.274-2.274-.984 0-1.796.802-1.796 1.796 0 .29.095.536.26.758.26.26.26.669 0 .996-.266.327-.649.457-.649.457-.33 0-.556-.186-.713-.48-.157-.293-.236-.767-.236-1.404v-2.279c-3.404.741-4.242-1.447-4.242-1.447-.569 1.416-1.379 1.416-1.379 1.084 0 1.829.616 1.829.616.283 0 .523-.113.742-.301.22-.188.327-.626.327-1.323 0-1.265-1.03-2.29-2.29-2.29-1.006 0-1.831.825-1.831 1.831 0 .294.099.543.277.767.277.277.277.693 0 1.004-.27.311-.663.437-.663.437-.34 0-.571-.197-.736-.506-.165-.31-.248-.794-.248-1.447v-2.293c-3.432.748-4.338-1.48-4.338-1.48-.583 1.44-1.404 1.44-1.404 1.095 0 1.846.629 1.846.629.29 0 .537-.116.76-.308.223-.192.34-.648.34-1.35 0-1.271-1.044-2.304-2.304-2.304-1.029 0-1.867.839-1.867 1.867 0 .298.102.55.286.775.286.286.286.718 0 1.039-.278.316-.682.443-.682.443-.349 0-.597-.204-.761-.523-.165-.32-.248-.825-.248-1.491v-2.307c-3.462.756-4.432-1.514-4.432-1.514-.597 1.463-1.431 1.463-1.431 1.105 0 1.864.64 1.864.64.297 0 .55-.119.774-.313.224-.193.353-.672.353-1.377 0-1.277-1.059-2.318-2.318-2.318-1.053 0-1.904.865-1.904 1.904 0 .302.105.557.297.786.297.297.297.741 0 1.075-.284.32-.716.447-.716.447-.358 0-.622-.211-.788-.549-.167-.338-.25-.858-.25-1.536v-2.322c-3.49.764-4.525-1.549-4.525-1.549-.611 1.487-1.457 1.487-1.457 1.116 0 1.882.651 1.882.651.303 0 .562-.123.792-.319.23-.196.361-.696.361-1.405 0-1.283-1.074-2.332-2.332-2.332-1.078 0-1.94.881-1.94 1.94 0 .306.107.567.303.798.303.303.303.763 0 1.111-.29.325-.75.452-.75.452-.367 0-.646-.219-.814-.575-.168-.357-.254-.891-.254-1.582v-2.336c-3.52.772-4.617-1.585-4.617-1.585-.625 1.511-1.484 1.511-1.484 1.127 0 1.9.663 1.9.663.309 0 .574-.127.81-.326.236-.199.368-.721.368-1.432 0-1.29-1.089-2.346-2.346-2.346-1.103 0-1.976.904-1.976 1.976 0 .31.109.579.31.81.31.31.31.784 0 1.147-.298.331-.783.457-.783.457-.376 0-.67-.227-.842-.602-.172-.376-.259-.923-.259-1.628v-2.35z"/>
             </svg>
             GitHub
           </button>
           <button
-            onClick={() => signIn('google')}
+            onClick={() => handleSocialSignIn('google')}
             className="bg-slate-700 hover:bg-slate-600 text-white font-semibold py-3 rounded-lg transition flex items-center justify-center gap-2"
           >
             <svg className="w-5 h-5" viewBox="0 0 24 24">

frontend/app/auth/signup/page.tsx

@@ -1,69 +1,39 @@
 'use client';
 
+import { signUp } from '@/lib/better-auth';
 import { useState } from 'react';
 
 export default function SignUp() {
-  const [formData, setFormData] = useState({
-    name: '',
-    email: '',
-    password: '',
-    confirmPassword: ''
-  });
+  const [name, setName] = useState('');
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
   const [loading, setLoading] = useState(false);
   const [error, setError] = useState('');
-  const [success, setSuccess] = useState(false);
 
-  const handleSubmit = async (e: React.FormEvent) => {
+  const handleSignUp = async (e: React.FormEvent) => {
     e.preventDefault();
     setLoading(true);
     setError('');
 
-    if (formData.password !== formData.confirmPassword) {
-      setError('Passwords do not match');
-      setLoading(false);
-      return;
-    }
-
     try {
-      const response = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/auth/register`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          name: formData.name,
-          email: formData.email,
-          password: formData.password
-        })
+      const result = await signUp.email({
+        email,
+        password,
+        name,
       });
 
-      const data = await response.json();
-
-      if (!response.ok) {
-        setError(data.error || 'Registration failed');
+      if (result.error) {
+        setError(result.error.message || 'Sign up failed');
       } else {
-        setSuccess(true);
-        setTimeout(() => {
-          window.location.href = '/auth/signin';
-        }, 2000);
+        window.location.href = '/';
       }
     } catch (err) {
-      setError('Registration failed');
+      setError('Sign up failed');
     } finally {
       setLoading(false);
     }
   };
 
-  if (success) {
-    return (
-      <div className="min-h-screen bg-gradient-to-br from-slate-900 to-slate-800 flex items-center justify-center p-4">
-        <div className="max-w-md w-full bg-slate-800/50 rounded-lg p-8 border border-slate-700 text-center">
-          <div className="text-green-400 text-6xl mb-4">✓</div>
-          <h2 className="text-2xl font-bold text-white mb-2">Account Created!</h2>
-          <p className="text-slate-400">Redirecting to sign in...</p>
-        </div>
-      </div>
-    );
-  }
-
   return (
     <div className="min-h-screen bg-gradient-to-br from-slate-900 to-slate-800 flex items-center justify-center p-4">
       <div className="max-w-md w-full bg-slate-800/50 rounded-lg p-8 border border-slate-700">
@@ -78,17 +48,17 @@ export default function SignUp() {
           </div>
         )}
 
-        <form onSubmit={handleSubmit} className="space-y-4">
+        <form onSubmit={handleSignUp} className="space-y-4">
           <div>
             <label className="block text-sm font-medium text-slate-300 mb-2">
               Name
             </label>
             <input
               type="text"
-              value={formData.name}
-              onChange={(e) => setFormData({...formData, name: e.target.value})}
+              value={name}
+              onChange={(e) => setName(e.target.value)}
               className="w-full bg-slate-700/50 border border-slate-600 rounded-lg px-4 py-3 text-white placeholder-slate-400 focus:outline-none focus:ring-2 focus:ring-blue-500"
-              placeholder="John Doe"
+              placeholder="Your name"
               required
             />
           </div>
@@ -99,8 +69,8 @@ export default function SignUp() {
             </label>
             <input
               type="email"
-              value={formData.email}
-              onChange={(e) => setFormData({...formData, email: e.target.value})}
+              value={email}
+              onChange={(e) => setEmail(e.target.value)}
               className="w-full bg-slate-700/50 border border-slate-600 rounded-lg px-4 py-3 text-white placeholder-slate-400 focus:outline-none focus:ring-2 focus:ring-blue-500"
               placeholder="you@example.com"
               required
@@ -113,23 +83,8 @@ export default function SignUp() {
             </label>
             <input
               type="password"
-              value={formData.password}
-              onChange={(e) => setFormData({...formData, password: e.target.value})}
-              className="w-full bg-slate-700/50 border border-slate-600 rounded-lg px-4 py-3 text-white placeholder-slate-400 focus:outline-none focus:ring-2 focus:ring-blue-500"
-              placeholder="•••••••••"
-              required
-              minLength={8}
-            />
-          </div>
-
-          <div>
-            <label className="block text-sm font-medium text-slate-300 mb-2">
-              Confirm Password
-            </label>
-            <input
-              type="password"
-              value={formData.confirmPassword}
-              onChange={(e) => setFormData({...formData, confirmPassword: e.target.value})}
+              value={password}
+              onChange={(e) => setPassword(e.target.value)}
               className="w-full bg-slate-700/50 border border-slate-600 rounded-lg px-4 py-3 text-white placeholder-slate-400 focus:outline-none focus:ring-2 focus:ring-blue-500"
               placeholder="•••••••••"
               required
@@ -142,11 +97,11 @@ export default function SignUp() {
             disabled={loading}
             className="w-full bg-gradient-to-r from-blue-500 to-purple-500 hover:from-blue-600 hover:to-purple-600 text-white font-semibold py-3 rounded-lg transition disabled:opacity-50 disabled:cursor-not-allowed"
           >
-            {loading ? 'Creating Account...' : 'Create Account'}
+            {loading ? 'Creating account...' : 'Sign Up'}
           </button>
         </form>
 
-        <p className="mt-6 text-center text-sm text-slate-400">
+        <p className="mt-8 text-center text-sm text-slate-400">
           Already have an account?{' '}
           <a href="/auth/signin" className="text-blue-400 hover:text-blue-300">
             Sign in

frontend/lib/auth.ts

@@ -1,12 +1,12 @@
-import { auth } from '@/app/api/auth/[...nextauth]/route'
-import { redirect } from 'next/navigation'
+import { authClient } from '@/lib/better-auth';
+import { redirect } from 'next/navigation';
 
 export async function requireAuth() {
-  const session = await auth()
+  const { data: session } = await authClient.getSession();
 
   if (!session || !session.user) {
-    redirect('/auth/signin')
+    redirect('/auth/signin');
   }
 
-  return session
+  return session;
 }

frontend/lib/better-auth.ts

@@ -0,0 +1,7 @@
+import { createAuthClient } from "better-auth/react";
+
+export const authClient = createAuthClient({
+  baseURL: process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3001'
+});
+
+export const { signIn, signUp, signOut, useSession } = authClient;