chore: Upgrade better-auth to v1.4

[seancheong]

Summary by CodeRabbit

• Chores
  • Updated better-auth to v1.4.7 and drizzle-orm to v0.41.0
• Refactor
  • Optimized authentication handler performance

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
tripa	Ready	Preview, Comment	Dec 21, 2025 9:07am

[coderabbitai]

Walkthrough

Dependencies updated in package.json (better-auth ^1.2.12→^1.4.7, drizzle-orm ^0.44.3→^0.41.0). Auth handlers in authContext.tsx wrapped with useCallback for memoization; signOut flow refactored to delegate navigation to fetchOptions.onSuccess callback. Auth configuration structure adjusted to nest generateId under database object per updated better-auth version requirements.

Changes

Cohort / File(s)	Summary
Dependency updates package.json	better-auth bumped from ^1.2.12 to ^1.4.7; drizzle-orm bumped from ^0.44.3 to ^0.41.0
Auth context refactoring src/contexts/authContext.tsx	Type imports updated (User as type import). githubSignIn, googleSignIn, and signOut handlers wrapped with useCallback for memoization. signOut control flow refactored: navigation moved from immediate router.push to fetchOptions.onSuccess callback. Public API (AuthProvider, useAuth) signatures unchanged.
Auth config restructuring src/utils/auth.ts	Advanced configuration shape changed: advanced: { generateId: false } → advanced: { database: { generateId: false } } to align with better-auth v1.4.7 structure.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Verify signOut navigation and refresh behavior work correctly in the success callback context
• Confirm memoized handlers (useCallback) have correct dependency arrays and don't cause stale closure issues
• Test auth.ts configuration change with new better-auth version end-to-end

Possibly related PRs

• feat: Show auth state and enable signout #56: Modifies signOut implementation and auth handler structure in authContext.tsx with overlapping control flow changes.
• chore: Setup SSR auth for better performance #58: Overlaps on both authContext.tsx (signOut refactoring) and auth.ts (advanced options structure).
• chore: Setup BetterAuth #54: Directly related to the advanced.generateId configuration shape change in auth.ts.

Poem

🐰 Handlers memoized, callbacks refined,
Navigation deferred, success aligned,
Auth flows shimmer with version's new grace,
Dependencies dance at a quickened pace!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: Upgrade better-auth to v1.4' directly corresponds to the main change in the pull request, which involves upgrading the better-auth dependency from v1.2.12 to v1.4.7. The title is concise, specific, and clearly communicates the primary objective of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/upgrade-betterauth-v1.4

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	better-auth@​1.2.12 ⏵ 1.4.7	+2	+23
	drizzle-orm@​0.44.3 ⏵ 0.41.0	+1

View full report

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5cc563b and 00b5977.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• package.json (1 hunks)
• src/contexts/authContext.tsx (4 hunks)
• src/utils/auth.ts (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-07-17T23:34:25.074Z

Learnt from: seancheong
Repo: seancheong/tripa PR: 55
File: src/contexts/authContext.tsx:19-31
Timestamp: 2025-07-17T23:34:25.074Z
Learning: In OAuth authentication flows using better-auth/react that trigger redirects to external providers (like GitHub), the loading state should intentionally remain true after the sign-in call to prevent users from clicking the sign-in button multiple times during the brief window before redirect. The loading state resets naturally when the component unmounts during navigation to the OAuth provider's screen.

Applied to files:

• src/contexts/authContext.tsx

📚 Learning: 2025-07-21T04:32:55.979Z

Learnt from: seancheong
Repo: seancheong/tripa PR: 64
File: src/features/location/contexts/locationContext.tsx:14-18
Timestamp: 2025-07-21T04:32:55.979Z
Learning: seancheong prefers to use default values when creating React contexts rather than undefined, as seen in the LocationContext implementation in src/features/location/contexts/locationContext.tsx. The current pattern with default object values is valid and works correctly with proper error checking in the custom hook.

Applied to files:

• src/contexts/authContext.tsx

🔇 Additional comments (6)

src/contexts/authContext.tsx (4)

1-1: Good use of type import for User.

Using type import is a best practice that helps with tree-shaking and clarifies that User is only used as a type.

---

4-10: LGTM: Import additions support memoization.

The addition of useCallback and reorganization of imports is appropriate for the memoization improvements in this file.

---

35-48: LGTM: githubSignIn properly memoized.

The useCallback memoization with an empty dependency array is correct since there are no external dependencies. The loading state intentionally remains true after sign-in to prevent multiple clicks during OAuth redirect, which aligns with established patterns.

Based on learnings, the loading state behavior during OAuth redirects is intentional.

---

50-63: LGTM: googleSignIn properly memoized.

The useCallback memoization with an empty dependency array is correct. Consistent with the githubSignIn implementation.

src/utils/auth.ts (1)

17-19: Configuration structure is correct for better-auth v1.4.7.

The nesting of generateId under advanced.database is the current API standard following the v1.4 upgrade. This represents the migration away from the deprecated advanced.generateId option to the new advanced.database.generateId pattern.

package.json (1)

31-31: No evidence supports the need for this downgrade. The codebase uses relational queries APIs (relations, db.query.findFirst, db.query.findMany, with) that are available and stable in both v0.41.0 and v0.44.x. Web search found no requirement from better-auth v1.4.7 for drizzle-orm v0.41.0; recent examples show better-auth working with ^0.44.6. Verify whether this downgrade is actually intentional or if ^0.44.3 should be retained.

Likely an incorrect or invalid review comment.