Migrate authentication from next-auth to Better Auth#7
Merged
Conversation
Replaces next-auth (Auth.js v5 beta) with better-auth, keeping the existing Google sign-in and adding email/password login. - betterAuth instance with Prisma adapter, Google provider, and email/password enabled; getSession() helper replaces auth() in server routes and pages - Admin impersonation preserved via the customSession plugin - New /signin and /signup pages; user menu links to /signin - Prisma schema rebuilt for Better Auth (boolean emailVerified, required name, new Account/Session shapes, Verification table); migration carries over existing Google account links, active sessions are dropped - Env: NEXTAUTH_URL renamed to BETTER_AUTH_URL; AUTH_SECRET and AUTH_GOOGLE_* unchanged; Google OAuth callback path is identical - Seed rewritten without @auth/prisma-adapter; tests mock @/lib/auth-client instead of next-auth/react Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces next-auth (Auth.js v5 beta) with Better Auth, keeping the existing Google sign-in and adding email/password login with new
/signinand/signuppages.Server
src/lib/auth.tsis now abetterAuthinstance (Prisma adapter, Google provider, email/password enabled); agetSession()helper replacesauth()in all API routes and server pages with the samesession.user.{id,role}shapecustomSessionplugin/api/auth/[...nextauth]to/api/auth/[...all]Client
src/lib/auth-client.ts(better-auth/react) replacesnext-auth/react;SessionProviderremoved from the root layout; sessionupdate()calls becamerefetch()/signinpageDatabase
emailVerified, requiredname, newAccount/Sessionshapes,VerificationreplacesVerificationToken@auth/prisma-adapterConfig
NEXTAUTH_URL→BETTER_AUTH_URL(example.env, docker-compose, Dockerfile);AUTH_TRUST_HOSTdroppedAUTH_SECRET,AUTH_GOOGLE_ID,AUTH_GOOGLE_SECRETunchanged, so existing CI secrets keep working; the Google OAuth callback path is identical (no GCP console changes)Test plan
pnpm build,pnpm test(45 tests),pnpm lint,tsc --noEmitall passrole,/dashboardgating (200 with session, 307 anonymous), sign-out, and Google authorization URL generation🤖 Generated with Claude Code