Skip to content

Refactor/better auth #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 89 commits into from
Oct 14, 2025
Merged

Refactor/better auth #49

merged 89 commits into from
Oct 14, 2025

Conversation

@lebalz
Copy link
Contributor

@lebalz lebalz commented Oct 14, 2025
edited
Loading

Better Auth

Caution

Breaking Changes

This PR migrates to use better auth for authentication and basic user management.

This needed some changes on the infrastructure

  • using ESM instead of CommonJS. This has the following side effects:
    • upgrading to express v5
    • using at least node v22.15.0
  • migrating database
    • user roles are now managed by better-auth - it is now a string instead of an enum
    • better-auth related new db tables
  • refactoring of socketio notifications
    • using a singleton to init and expose socketio server instance, s.t. better auth hooks can access it too

Benefits

  • multiple auth methods (Microsoft, Github, Username-Password)
  • state-of-the-art implementation
  • options to easily add stuff like 2FA or magic email links or whatever...

Upgrade

To upgrade, make sure to

  1. backup your prod db.
  2. add env var BETTER_AUTH_SECRET (see https://www.better-auth.com/docs/installation)
  3. add env var BETTER_AUTH_URL pointing to your backend api url, e.g. https://tdev-api.gbsl.website
  4. check that ALLOWED_ORIGINS contains your frontend url, e.g. https://tdev.gbsl.website
  5. check that you have set a unique APP_NAME, since it is used as a prefix for session cookies
  6. make sure to keep the frontend up-to-date with feature: use better-auth teaching-dev#246
  7. To use node v22.15.0, you must probably update the buildpack on dokku with 
    dokku buildpacks:set-property dev-teaching-api stack gliderlabs/herokuish:latest
  8. edit your Azure/Entrada Config:
  • you can delete the frontend app (GYMB TEACHING-APP...)
  • remove the API config (API Domains and authorized API client apps)
  • add a client secret and add it in the env as MSAL_CLIENT_SECRET
  • add a redirect-url (type WEB) pointing to your api endpoint. for https://tdev-api.gbsl.website this would be https://tdev-api.gbsl.website/api/auth/callback/microsoft

Closes #45

lebalz added 30 commits September 24, 2025 11:40
@lebalz lebalz mentioned this pull request Oct 14, 2025
Merged
@lebalz lebalz merged commit 4ecfa44 into main Oct 14, 2025
1 check passed
@lebalz lebalz deleted the refactor/better-auth branch October 14, 2025 11:14
@SilasBerger SilasBerger mentioned this pull request Oct 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature: Better Auth

2 participants

@lebalz