@beignet/provider-auth-better-auth 0.0.26 → 0.0.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/README.md +66 -9
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# @beignet/provider-auth-better-auth
|
|
2
2
|
|
|
3
|
+
## 0.0.28
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- c7f7f1d: Document optional Next.js 16 cookie-only Better Auth proxy redirects for app-specific protected UI routes.
|
|
8
|
+
|
|
9
|
+
## 0.0.27
|
|
10
|
+
|
|
11
|
+
### Patch Changes
|
|
12
|
+
|
|
13
|
+
- f2461a9: Add lazy Next route server loaders and update generated route files and package docs to avoid booting providers during production build imports.
|
|
14
|
+
|
|
3
15
|
## 0.0.26
|
|
4
16
|
|
|
5
17
|
### Patch Changes
|
package/README.md
CHANGED
|
@@ -179,17 +179,20 @@ export const appContext = defineServerContext<AppContext, AppRuntimePorts>()({
|
|
|
179
179
|
|
|
180
180
|
```ts
|
|
181
181
|
// server/index.ts
|
|
182
|
-
import { createNextServer } from "@beignet/next";
|
|
182
|
+
import { createNextServer, createNextServerLoader } from "@beignet/next";
|
|
183
183
|
import { appPorts } from "@/infra/app-ports";
|
|
184
184
|
import { appContext } from "@/server/context";
|
|
185
185
|
import { routes } from "@/server/routes";
|
|
186
|
-
import { providers } from "./providers";
|
|
187
186
|
|
|
188
|
-
export const
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
187
|
+
export const getServer = createNextServerLoader(async () => {
|
|
188
|
+
const { providers } = await import("./providers");
|
|
189
|
+
|
|
190
|
+
return createNextServer({
|
|
191
|
+
ports: appPorts,
|
|
192
|
+
providers,
|
|
193
|
+
context: appContext,
|
|
194
|
+
routes,
|
|
195
|
+
});
|
|
193
196
|
});
|
|
194
197
|
```
|
|
195
198
|
|
|
@@ -269,6 +272,32 @@ It does not expose a Better Auth escape hatch; route handlers that need
|
|
|
269
272
|
provider-native auth flows should mount Better Auth's own routes separately,
|
|
270
273
|
usually under `app/api/auth/[...all]/route.ts`.
|
|
271
274
|
|
|
275
|
+
## Auth callbacks and app ports
|
|
276
|
+
|
|
277
|
+
Better Auth callbacks such as `sendResetPassword` and organization
|
|
278
|
+
invitation emails run outside the Beignet request pipeline. Reach the app's
|
|
279
|
+
mail and logger ports through the booted server instead of constructing a
|
|
280
|
+
parallel mail client:
|
|
281
|
+
|
|
282
|
+
```typescript
|
|
283
|
+
async sendResetPassword({ user, url }) {
|
|
284
|
+
// Dynamic import breaks the module cycle (server -> providers -> auth);
|
|
285
|
+
// getServer() is memoized, so this resolves to a cached instance.
|
|
286
|
+
const { getServer } = await import("@/server");
|
|
287
|
+
const { ports } = await getServer();
|
|
288
|
+
await ports.mailer.send({
|
|
289
|
+
to: user.email,
|
|
290
|
+
subject: "Reset your password",
|
|
291
|
+
text: `Reset your password: ${url}`,
|
|
292
|
+
});
|
|
293
|
+
}
|
|
294
|
+
```
|
|
295
|
+
|
|
296
|
+
This keeps auth email on the same instrumented, environment-swappable
|
|
297
|
+
provider as the rest of the app. See the
|
|
298
|
+
[Authentication docs](https://beignetjs.com/authentication) for the full
|
|
299
|
+
pattern.
|
|
300
|
+
|
|
272
301
|
## Devtools
|
|
273
302
|
|
|
274
303
|
When `@beignet/devtools` is installed before this provider, auth checks
|
|
@@ -456,11 +485,12 @@ const user = await ctx.ports.auth.requireUser(req);
|
|
|
456
485
|
Better Auth provides its own route handlers for login, signup, etc. You can mount these alongside your Beignet routes:
|
|
457
486
|
|
|
458
487
|
```ts
|
|
459
|
-
//
|
|
488
|
+
// app/api/auth/[...all]/route.ts
|
|
489
|
+
import { toNextJsHandler } from "better-auth/next-js";
|
|
460
490
|
import { auth } from "@/lib/better-auth";
|
|
461
491
|
|
|
462
492
|
// Better Auth handles /api/auth/*
|
|
463
|
-
export const { GET, POST } = auth
|
|
493
|
+
export const { GET, POST } = toNextJsHandler(auth);
|
|
464
494
|
|
|
465
495
|
// Your Beignet routes handle /api/app/*
|
|
466
496
|
// (mounted separately)
|
|
@@ -468,6 +498,33 @@ export const { GET, POST } = auth.handler;
|
|
|
468
498
|
|
|
469
499
|
See the [Better Auth documentation](https://better-auth.com) for details on route configuration.
|
|
470
500
|
|
|
501
|
+
For Next.js 16 app shells, a root `proxy.ts` can improve redirects by checking
|
|
502
|
+
for the presence of the Better Auth session cookie before rendering protected
|
|
503
|
+
UI routes:
|
|
504
|
+
|
|
505
|
+
```ts
|
|
506
|
+
import { getSessionCookie } from "better-auth/cookies";
|
|
507
|
+
import { NextResponse, type NextRequest } from "next/server";
|
|
508
|
+
|
|
509
|
+
export function proxy(request: NextRequest) {
|
|
510
|
+
const sessionCookie = getSessionCookie(request);
|
|
511
|
+
|
|
512
|
+
if (!sessionCookie) {
|
|
513
|
+
return NextResponse.redirect(new URL("/sign-in", request.url));
|
|
514
|
+
}
|
|
515
|
+
|
|
516
|
+
return NextResponse.next();
|
|
517
|
+
}
|
|
518
|
+
|
|
519
|
+
export const config = {
|
|
520
|
+
matcher: ["/dashboard/:path*", "/settings/:path*"],
|
|
521
|
+
};
|
|
522
|
+
```
|
|
523
|
+
|
|
524
|
+
This is only an optimistic UX gate. Keep Beignet's server context, auth hooks,
|
|
525
|
+
policies, and use-case helpers as the real authorization boundary, because a
|
|
526
|
+
cookie-only check does not validate the session.
|
|
527
|
+
|
|
471
528
|
## Examples
|
|
472
529
|
|
|
473
530
|
### Basic setup
|
package/package.json
CHANGED