feat(app): added better auth for better auth stuff vs my home written broken one

app/main.ts

@@ -13,7 +13,10 @@ import { returnFunc } from "./src/pkg/utils/return.js";
 import { initializeProdPool } from "./src/pkg/prodSql/prodSqlConnect.js";
 import { tryCatch } from "./src/pkg/utils/tryCatch.js";
 import os from "os";
+import cors from "cors";
 import { sendNotify } from "./src/pkg/utils/notify.js";
+import { toNodeHandler } from "better-auth/node";
+import { auth } from "./src/pkg/auth/auth.js";
 
 const main = async () => {
     const env = validateEnv(process.env);
@@ -59,9 +62,6 @@ const main = async () => {
     // express app
     const app = express();
 
-    // global middleware
-    app.use(express.json());
-
     // global env that run only in dev
     if (process.env.NODE_ENV?.trim() !== "production") {
         app.use(morgan("tiny"));
@@ -73,6 +73,33 @@ const main = async () => {
         );
     }
 
+    // global middleware
+    app.all(basePath + "/api/auth/*splat", toNodeHandler(auth)); // sign-in sign-out
+    app.use(express.json());
+
+    const allowedOrigins = [
+        "http://localhost:5173", // dev
+        "http://localhost:4200",
+        env.BETTER_AUTH_URL, // prod
+    ];
+
+    app.use(
+        cors({
+            origin: (origin, callback) => {
+                // allow requests with no origin (like curl, service workers, PWAs)
+                if (!origin) return callback(null, true);
+
+                if (allowedOrigins.includes(origin)) {
+                    return callback(null, true);
+                } else {
+                    return callback(new Error("Not allowed by CORS"));
+                }
+            },
+            methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
+            credentials: true,
+        })
+    );
+
     // docs and api stuff
     app.use(
         basePath + "/d",