88 lines
2.3 KiB
TypeScript
88 lines
2.3 KiB
TypeScript
import { betterAuth, type User } from "better-auth";
|
|
import { drizzleAdapter } from "better-auth/adapters/drizzle";
|
|
import { admin, apiKey, jwt, username } from "better-auth/plugins";
|
|
import { eq } from "drizzle-orm";
|
|
import { db } from "../db/db.controller.js";
|
|
import * as rawSchema from "../db/schema/auth.schema.js";
|
|
import { allowedOrigins } from "./cors.utils.js";
|
|
import { sendEmail } from "./sendEmail.utils.js";
|
|
|
|
export const schema = {
|
|
user: rawSchema.user,
|
|
session: rawSchema.session,
|
|
account: rawSchema.account,
|
|
verification: rawSchema.verification,
|
|
jwks: rawSchema.jwks,
|
|
apiKey: rawSchema.apikey, // 🔑 rename to apiKey
|
|
};
|
|
|
|
export const auth = betterAuth({
|
|
appName: "lst",
|
|
baseURL: process.env.URL,
|
|
database: drizzleAdapter(db, {
|
|
provider: "pg",
|
|
}),
|
|
plugins: [
|
|
jwt({ jwt: { expirationTime: "1h" } }),
|
|
apiKey(),
|
|
admin(),
|
|
username(),
|
|
],
|
|
trustedOrigins: allowedOrigins,
|
|
// email or username and password.
|
|
emailAndPassword: {
|
|
enabled: true,
|
|
minPasswordLength: 8, // optional config
|
|
resetPasswordTokenExpirySeconds: process.env.RESET_EXPIRY_SECONDS, // time in seconds
|
|
sendResetPassword: async ({ user, token }) => {
|
|
const frontendUrl = `${process.env.BETTER_AUTH_URL}/lst/app/user/resetpassword?token=${token}`;
|
|
const expiryMinutes = Math.floor(
|
|
parseInt(process.env.RESET_EXPIRY_SECONDS ?? "3600", 10) / 60,
|
|
);
|
|
const expiryText =
|
|
expiryMinutes >= 60
|
|
? `${expiryMinutes / 60} hour${expiryMinutes === 60 ? "" : "s"}`
|
|
: `${expiryMinutes} minutes`;
|
|
const emailData = {
|
|
email: user.email,
|
|
subject: "LST- Forgot password request",
|
|
template: "forgotPassword",
|
|
context: {
|
|
username: user.name,
|
|
email: user.email,
|
|
url: frontendUrl,
|
|
expiry: expiryText,
|
|
},
|
|
};
|
|
await sendEmail(emailData);
|
|
},
|
|
// onPasswordReset: async ({ user }, request) => {
|
|
// // your logic here
|
|
// console.log(`Password for user ${user.email} has been reset.`);
|
|
// },
|
|
},
|
|
session: {
|
|
expiresIn: 60 * 60,
|
|
updateAge: 60 * 5,
|
|
freshAge: 60 * 2,
|
|
cookieCache: {
|
|
enabled: true,
|
|
maxAge: 5 * 60,
|
|
},
|
|
},
|
|
cookie: {
|
|
path: "/lst/app",
|
|
sameSite: "lax",
|
|
secure: false,
|
|
httpOnly: true,
|
|
},
|
|
events: {
|
|
async onSignInSuccess({ user }: { user: User }) {
|
|
await db
|
|
.update(rawSchema.user)
|
|
.set({ lastLogin: new Date() })
|
|
.where(eq(schema.user.id, user.id));
|
|
},
|
|
},
|
|
});
|